Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/netdiag-1.2/netload-1.2.2/netload.c
Examining data/netdiag-1.2/netwatch-1.3.1-2/bump.c
Examining data/netdiag-1.2/netwatch-1.3.1-2/core.h
Examining data/netdiag-1.2/netwatch-1.3.1-2/curs.c
Examining data/netdiag-1.2/netwatch-1.3.1-2/curs.h
Examining data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c
Examining data/netdiag-1.2/netwatch-1.3.1-2/gh.c
Examining data/netdiag-1.2/netwatch-1.3.1-2/lookdata.c
Examining data/netdiag-1.2/netwatch-1.3.1-2/netresolv.c
Examining data/netdiag-1.2/netwatch-1.3.1-2/netresolv.h
Examining data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c
Examining data/netdiag-1.2/netwatch-1.3.1-2/netwatch.h
Examining data/netdiag-1.2/netwatch-1.3.1-2/processinetrc.c
Examining data/netdiag-1.2/netwatch-1.3.1-2/semaphore.c
Examining data/netdiag-1.2/netwatch-1.3.1-2/semaphore.h
Examining data/netdiag-1.2/netwatch-1.3.1-2/services.c
Examining data/netdiag-1.2/netwatch-1.3.1-2/warning.c
Examining data/netdiag-1.2/statnet-3.8/curs.c
Examining data/netdiag-1.2/statnet-3.8/curs.h
Examining data/netdiag-1.2/statnet-3.8/getservent.c
Examining data/netdiag-1.2/statnet-3.8/if_getstats.c
Examining data/netdiag-1.2/statnet-3.8/inetprivate.h
Examining data/netdiag-1.2/statnet-3.8/interface.c
Examining data/netdiag-1.2/statnet-3.8/itstime.c
Examining data/netdiag-1.2/statnet-3.8/services.c
Examining data/netdiag-1.2/statnet-3.8/set_null.c
Examining data/netdiag-1.2/statnet-3.8/stat.h
Examining data/netdiag-1.2/statnet-3.8/stat_delta.c
Examining data/netdiag-1.2/statnet-3.8/stat_ntoh.c
Examining data/netdiag-1.2/statnet-3.8/statnet.c
Examining data/netdiag-1.2/statnet-3.8/statnetd.c
Examining data/netdiag-1.2/statnet-3.8/tally.c
Examining data/netdiag-1.2/statnet-3.8/tally_delta.c
Examining data/netdiag-1.2/statnet-3.8/tally_init.c
Examining data/netdiag-1.2/statnet-3.8/tally_label.c
Examining data/netdiag-1.2/statnet-3.8/tally_ntoh.c
Examining data/netdiag-1.2/statnet-3.8/win_show_stat.c
Examining data/netdiag-1.2/tcpblast-20011111/compat.h
Examining data/netdiag-1.2/tcpblast-20011111/daemon.c
Examining data/netdiag-1.2/tcpblast-20011111/discard.c
Examining data/netdiag-1.2/tcpblast-20011111/docs/orig/pieters/discard.c
Examining data/netdiag-1.2/tcpblast-20011111/docs/orig/pieters/tcpblast.c
Examining data/netdiag-1.2/tcpblast-20011111/docs/orig/tcpblast.bsd.c
Examining data/netdiag-1.2/tcpblast-20011111/docs/orig/tcpblast.c
Examining data/netdiag-1.2/tcpblast-20011111/docs/orig/udpblast.c
Examining data/netdiag-1.2/tcpblast-20011111/getopt.c
Examining data/netdiag-1.2/tcpblast-20011111/getopt.h
Examining data/netdiag-1.2/tcpblast-20011111/getopt1.c
Examining data/netdiag-1.2/tcpblast-20011111/strsep.c
Examining data/netdiag-1.2/tcpblast-20011111/tcpblast.c
Examining data/netdiag-1.2/tcpspray/tcpspray.c
Examining data/netdiag-1.2/trafshow-5.2.3/addrtoname.c
Examining data/netdiag-1.2/trafshow-5.2.3/addrtoname.h
Examining data/netdiag-1.2/trafshow-5.2.3/cisco_netflow.c
Examining data/netdiag-1.2/trafshow-5.2.3/cisco_netflow.h
Examining data/netdiag-1.2/trafshow-5.2.3/colormask.c
Examining data/netdiag-1.2/trafshow-5.2.3/colormask.h
Examining data/netdiag-1.2/trafshow-5.2.3/domain_resolver.c
Examining data/netdiag-1.2/trafshow-5.2.3/domain_resolver.h
Examining data/netdiag-1.2/trafshow-5.2.3/ethertype.h
Examining data/netdiag-1.2/trafshow-5.2.3/events.c
Examining data/netdiag-1.2/trafshow-5.2.3/events.h
Examining data/netdiag-1.2/trafshow-5.2.3/getkey.c
Examining data/netdiag-1.2/trafshow-5.2.3/getkey.h
Examining data/netdiag-1.2/trafshow-5.2.3/hashtab.c
Examining data/netdiag-1.2/trafshow-5.2.3/hashtab.h
Examining data/netdiag-1.2/trafshow-5.2.3/help_page.c
Examining data/netdiag-1.2/trafshow-5.2.3/help_page.h
Examining data/netdiag-1.2/trafshow-5.2.3/lookupa.c
Examining data/netdiag-1.2/trafshow-5.2.3/lookupa.h
Examining data/netdiag-1.2/trafshow-5.2.3/netstat.c
Examining data/netdiag-1.2/trafshow-5.2.3/netstat.h
Examining data/netdiag-1.2/trafshow-5.2.3/parse_dl.c
Examining data/netdiag-1.2/trafshow-5.2.3/parse_dl.h
Examining data/netdiag-1.2/trafshow-5.2.3/parse_ip.c
Examining data/netdiag-1.2/trafshow-5.2.3/parse_ip.h
Examining data/netdiag-1.2/trafshow-5.2.3/recycle.c
Examining data/netdiag-1.2/trafshow-5.2.3/recycle.h
Examining data/netdiag-1.2/trafshow-5.2.3/screen.c
Examining data/netdiag-1.2/trafshow-5.2.3/screen.h
Examining data/netdiag-1.2/trafshow-5.2.3/selector.c
Examining data/netdiag-1.2/trafshow-5.2.3/selector.h
Examining data/netdiag-1.2/trafshow-5.2.3/session.c
Examining data/netdiag-1.2/trafshow-5.2.3/session.h
Examining data/netdiag-1.2/trafshow-5.2.3/show_dump.c
Examining data/netdiag-1.2/trafshow-5.2.3/show_dump.h
Examining data/netdiag-1.2/trafshow-5.2.3/show_if.c
Examining data/netdiag-1.2/trafshow-5.2.3/show_if.h
Examining data/netdiag-1.2/trafshow-5.2.3/show_stat.c
Examining data/netdiag-1.2/trafshow-5.2.3/show_stat.h
Examining data/netdiag-1.2/trafshow-5.2.3/sll.h
Examining data/netdiag-1.2/trafshow-5.2.3/snprintf.c
Examining data/netdiag-1.2/trafshow-5.2.3/snprintf.h
Examining data/netdiag-1.2/trafshow-5.2.3/standard.h
Examining data/netdiag-1.2/trafshow-5.2.3/strcasecmp.c
Examining data/netdiag-1.2/trafshow-5.2.3/strftime.c
Examining data/netdiag-1.2/trafshow-5.2.3/trafshow.c
Examining data/netdiag-1.2/trafshow-5.2.3/trafshow.h
Examining data/netdiag-1.2/trafshow-5.2.3/util.c
Examining data/netdiag-1.2/trafshow-5.2.3/util.h
FINAL RESULTS:
data/netdiag-1.2/netload-1.2.2/netload.c:114:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (mask,argv[1]);
data/netdiag-1.2/netload-1.2.2/netload.c:387:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (mask,device);
data/netdiag-1.2/netload-1.2.2/netload.c:509:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
mail = popen (MAILER, "w");
data/netdiag-1.2/netwatch-1.3.1-2/bump.c:35:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(version,argv[1]);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:306:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:338:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (db,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:605:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmpbuf, ctime (&mnew));
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:729:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (burst, ctime (&bursttime));
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:954:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&status_lines[7][3],
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:958:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&status_lines[8][3],
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:962:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&status_lines[9][3], " Log file (" "P" " Command): %s ", mylog);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:965:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&status_lines[10][3],
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1008:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (simstr, simfmt,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1353:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1357:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&status_lines[3][3], "%s", ttt);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1382:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %6ld %6ld", -curshosttrim - 1, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1386:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %6ld %6ld", -curshosttrim - 1, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1390:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %6ld %6ld", -curshosttrim - 1, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1396:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %8s %10s ", -cursproto, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1403:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %8s %5d ", -cursdest, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1409:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %u.%u.%u.%u ", -cursdest, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1416:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %u.%u.%u.%u ", -cursdest, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1421:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %10lu %10lu", -cursproto, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1426:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %10lu %10lu", -cursproto, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1431:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %10lu %10lu", -cursproto, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1437:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %02x:%02x:%02x:%02x:%02x:%02x", -cursproto,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1443:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %02x:%02x:%02x:%02x:%02x:%02x", -cursproto,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1448:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %-25s", -cursproto, thost, current->server);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1452:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %-25s", -cursproto, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1459:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %15.2lf", -cursdest, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1464:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %15lu", -cursdest, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1472:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %15.2lf", -cursdest, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1477:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %15lu", -cursdest, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1483:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %-25s", -cursproto, thost, current->lastget);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1615:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1647:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %6ld %6ld", -curshosttrim - 1, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1652:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %8s %10s ", -cursproto, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1659:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %8s %5d ", -cursdest, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1665:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %u.%u.%u.%u ", -cursdest, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1672:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %u.%u.%u.%u ", -cursdest, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1679:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %10lu %10lu", -cursproto, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1685:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %02x:%02x:%02x:%02x:%02x:%02x", -cursproto,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1691:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %02x:%02x:%02x:%02x:%02x:%02x", -cursproto,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1696:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %-25s", -cursproto, thost, current->server);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1700:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %-25s", -cursproto, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1707:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %15.2lf", -cursdest, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1712:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %15lu", -cursdest, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1720:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %15.2lf", -cursdest, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1725:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %15lu", -cursdest, thost,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1731:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%*s %-25s", -cursproto, thost, current->lastget);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1772:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ttt, "%s.%03d", speclogfile, speclogext);
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:68:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (testname, home);
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:70:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (testname, version);
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:106:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
pp = popen("hostname --fqdn","r");
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:110:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&s[2],"Rpm:%s %s",version,saddr);
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:117:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (saddr, "%u.%u.%u.%u Ver Rpm:%s with %s", maddr[0], maddr[1], maddr[2], maddr[3],
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:122:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(saddr,"%s.%s %s",utsbf.nodename,utsbf.domainname,utsbf.machine);
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:124:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(saddr,"%s.%s %s",utsbf.nodename,utsbf.__domainname,utsbf.machine);
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:126:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&s[2], "%s <%s> Host:%s \n",
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:735:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((narg = sscanf (tmpbuf, "%s %s %s %s", w1, w2, w3, w4)) >= 2)
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1163:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (oldifr.ifr_name, ethdevname);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1259:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (newstatsfile, statsfile);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1263:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (newstatsfile, "%s.%s", statsfile, tarr);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1268:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmpbuf, ctime (&here));
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1292:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (newstatsfile, statsfile);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1295:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (newstatsfile, "%s.router.%s", statsfile, tarr);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1482:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (debugstr, hexasc);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1940:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&status_lines[11][3],
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1998:7: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp ("netresolv", "netresolv", NULL);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2191:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(ssh_env,"%s %u %u",ssh_orig_addr_asc,&ssh_orig_port,&ssh_dest_port)!=3)
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2206:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (progtitle, version);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2267:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (oldifr.ifr_name, ethdevname);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2301:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tif.ifr_name, ethdevname);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2340:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ifr.ifr_name, ethdevname);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2393:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "%s.%03d", speclogfile, speclogext);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2492:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (oldifr.ifr_name, ethdevname);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2900:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (work->ip_pr, ip_protocol_types[x]);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2921:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmpbuf, "NetBus from %s to %s with len=%d", tpr, topr, wlen);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2922:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&status_lines[1][3], "%s", tmpbuf);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2965:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmpbuf, "B.O. from %s to %s with len=%d", tpr, topr, wlen);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2966:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&status_lines[2][3], "%s", tmpbuf);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3072:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (ss + 11, "%s %s", space, ftpversion);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3363:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (ss + 11, "%s %s", space, ftpversion);
data/netdiag-1.2/netwatch-1.3.1-2/processinetrc.c:92:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
num = sscanf (buf, "%s %s %s %s %s %s %s %s %s",
data/netdiag-1.2/netwatch-1.3.1-2/services.c:62:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(place->name,name);
data/netdiag-1.2/netwatch-1.3.1-2/warning.c:60:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command,"mail %s < %s&",warnto,tmpname);
data/netdiag-1.2/netwatch-1.3.1-2/warning.c:61:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(command);
data/netdiag-1.2/statnet-3.8/interface.c:331:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:336:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:344:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:350:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:360:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:367:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:374:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:380:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:387:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:399:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:405:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:411:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:417:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:429:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:441:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:446:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:451:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:456:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/interface.c:468:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/netdiag-1.2/statnet-3.8/statnetd.c:137:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( interface_name, ETH);
data/netdiag-1.2/statnet-3.8/statnetd.c:196:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( interface_name, ETH);
data/netdiag-1.2/statnet-3.8/statnetd.c:345:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (oldifr.ifr_name, interface_name);
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:539:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(verstr, vdate);
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:598:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(srate, optarg); break;
data/netdiag-1.2/trafshow-5.2.3/colormask.c:122:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ((b = strchr(strcpy(f, s), ':')) != NULL) *b++ = '\0';
data/netdiag-1.2/trafshow-5.2.3/colormask.c:283:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
cp = strcpy(buf, str);
data/netdiag-1.2/trafshow-5.2.3/colormask.c:378:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(buf, cp);
data/netdiag-1.2/trafshow-5.2.3/colormask.c:382:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(buf, progname);
data/netdiag-1.2/trafshow-5.2.3/colormask.c:385:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(buf, progname);
data/netdiag-1.2/trafshow-5.2.3/colormask.c:415:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
num = sscanf(buf, "%s %s %s %s\n", s1, s2, s3, s4);
data/netdiag-1.2/trafshow-5.2.3/getkey.c:615:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(cut_buf, prompt_buf);
data/netdiag-1.2/trafshow-5.2.3/getkey.c:638:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(cut_buf, &prompt_buf[cur]);
data/netdiag-1.2/trafshow-5.2.3/screen.c:178:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf+2, fmt, ap);
data/netdiag-1.2/trafshow-5.2.3/session.c:472:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
rest = strlen(strcpy(buf, sd->buf));
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:137:30: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
live_pcap = pcap_open_live(strcpy(name, ph->name),
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:150:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (pcap_lookupnet(strcpy(name, ph->name), &net, &mask, buf) < 0) {
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:418:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(src_addr, intoa(ns->ip_src_addr.ip_addr.s_addr));
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:419:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(dst_addr, intoa(ns->ip_dst_addr.ip_addr.s_addr));
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:428:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(src_addr, etheraddr_string(ns->eth_src_addr));
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:429:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(dst_addr, etheraddr_string(ns->eth_dst_addr));
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:182:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(dst, buf);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:183:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else (void)strcpy(&dst[size - len - 1], buf);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:208:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(dst, buf);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:209:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else (void)strcpy(&dst[size - len - 1], buf);
data/netdiag-1.2/trafshow-5.2.3/snprintf.c:457:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf (char *str, size_t sz, const char *format, ...)
data/netdiag-1.2/trafshow-5.2.3/snprintf.c:463:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf (str, sz, format, args);
data/netdiag-1.2/trafshow-5.2.3/snprintf.c:512:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int vsnprintf (char *str, size_t sz, const char *format, va_list args)
data/netdiag-1.2/trafshow-5.2.3/snprintf.h:38:21: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern int vsnprintf (char *str, size_t sz, const char *format, va_list args);
data/netdiag-1.2/trafshow-5.2.3/snprintf.h:39:21: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern int snprintf (char *str, size_t sz, const char *format, ...);
data/netdiag-1.2/trafshow-5.2.3/strftime.c:391:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(buf, format, n);
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:369:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(cp, linkaddr_string((u_char *)ifr.ifr_hwaddr.sa_data,
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:490:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (pcap_lookupnet(strcpy(name, ph->name), &net, &mask, buf) < 0) {
data/netdiag-1.2/trafshow-5.2.3/trafshow.h:74:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf x;\
data/netdiag-1.2/netload-1.2.2/netload.c:384:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
netrc = getenv ("HOME");
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:58:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hostp = getenv ("HOSTNAME")) == NULL)
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:64:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((homep = getenv ("HOME")) == NULL)
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2037:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((op = getopt (argc, argv, "kH:R:L:S:bfzi:m:ns:l:hu:tc:e:")) != EOF)
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2183:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ssh_env = getenv("SSH_CLIENT");
data/netdiag-1.2/statnet-3.8/statnet.c:134:20: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((op = getopt (argc, argv, "acghik:pstu")) != EOF)
data/netdiag-1.2/statnet-3.8/statnetd.c:178:20: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((op = getopt (argc, argv, "acdghik:n:pstuw:")) != EOF)
data/netdiag-1.2/tcpblast-20011111/discard.c:161:18: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
if ((optchar = getopt_long (argc, argv, "46fhim:p:tu", long_options, NULL)) == -1) break;
data/netdiag-1.2/tcpblast-20011111/docs/orig/pieters/tcpblast.c:118:20: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((optchar = getopt_long (argc, argv, "tup:rs:b:d:T:Vh", long_options, NULL)) != EOF)
data/netdiag-1.2/tcpblast-20011111/docs/orig/pieters/tcpblast.c:123:13: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
case 'r': srand(0 /* may be an option */); randomb=1; break;
data/netdiag-1.2/tcpblast-20011111/getopt.c:210:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#ifndef getenv
data/netdiag-1.2/tcpblast-20011111/getopt.c:211:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
extern char *getenv ();
data/netdiag-1.2/tcpblast-20011111/getopt.c:403:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
posixly_correct = getenv ("POSIXLY_CORRECT");
data/netdiag-1.2/tcpblast-20011111/getopt.c:975:1: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt (argc, argv, optstring)
data/netdiag-1.2/tcpblast-20011111/getopt.c:1005:11: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "abc:d:0123456789");
data/netdiag-1.2/tcpblast-20011111/getopt.h:145:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt (int __argc, char *const *__argv, const char *__shortopts);
data/netdiag-1.2/tcpblast-20011111/getopt.h:147:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt ();
data/netdiag-1.2/tcpblast-20011111/getopt.h:151:12: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt_long (int __argc, char *const *__argv, const char *__shortopts,
data/netdiag-1.2/tcpblast-20011111/getopt.h:164:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt ();
data/netdiag-1.2/tcpblast-20011111/getopt.h:166:12: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt_long ();
data/netdiag-1.2/tcpblast-20011111/getopt1.c:67:1: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt_long (argc, argv, options, long_options, opt_index)
data/netdiag-1.2/tcpblast-20011111/getopt1.c:123:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "abc:d:0123456789",
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:567:18: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
if ((optchar = getopt_long (argc, argv, "46ab:c:d:hi:l:mop:qrR:s:S:t:vVx:", long_options, NULL)) == -1) break;
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:774:15: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (randomb) srand(t0.tv_usec); /* more less... */
data/netdiag-1.2/tcpspray/tcpspray.c:103:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "vehb:n:f:d:")) != -1) {
data/netdiag-1.2/trafshow-5.2.3/colormask.c:377:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("HOME")) != 0) {
data/netdiag-1.2/trafshow-5.2.3/events.c:120:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
tvp->tv_usec = (long)random() % 1000000L;
data/netdiag-1.2/trafshow-5.2.3/screen.c:88:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("LINES")) != NULL)
data/netdiag-1.2/trafshow-5.2.3/screen.c:93:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("COLUMNS")) != NULL)
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:115:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((op = getopt(argc, argv, "a:bc:i:ns:u:pF:R:P:vh?")) != EOF) {
data/netdiag-1.2/netload-1.2.2/netload.c:72:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content [PROC_DEV_SIZE];
data/netdiag-1.2/netload-1.2.2/netload.c:77:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask [6];
data/netdiag-1.2/netload-1.2.2/netload.c:96:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dormant = atoi (argv [3]);
data/netdiag-1.2/netload-1.2.2/netload.c:126:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((source=fopen ("/proc/net/dev","r")) == NULL)
data/netdiag-1.2/netload-1.2.2/netload.c:163:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device [5];
data/netdiag-1.2/netload-1.2.2/netload.c:352:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (c==4 && strcmp (v[2],"-t") == 0 && atoi (v[3]) == 0)
data/netdiag-1.2/netload-1.2.2/netload.c:374:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content [10000];
data/netdiag-1.2/netload-1.2.2/netload.c:375:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask [6];
data/netdiag-1.2/netload-1.2.2/netload.c:385:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
netrc = strcat ( netrc,"/.netloadrc");
data/netdiag-1.2/netload-1.2.2/netload.c:397:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((source=fopen (netrc,"r")) == NULL)
data/netdiag-1.2/netload-1.2.2/netload.c:404:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((source=fopen (netrc,"w+")) == NULL )
data/netdiag-1.2/netload-1.2.2/netload.c:459:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aperiod = atoi (period) * 60;
data/netdiag-1.2/netload-1.2.2/netload.c:483:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sfactor = atoi (line);
data/netdiag-1.2/netload-1.2.2/netload.c:517:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
source = fopen (netrc,"r");
data/netdiag-1.2/netwatch-1.3.1-2/bump.c:19:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char version[180];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:103:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char status_lines[MAXSTATUS][STATUSSIZE];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:137:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char progtitle[60];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:161:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAGNABUFSIZE];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:169:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char magnamatch[RESOLVE_MAX];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:184:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char nw_allname[256];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:187:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char nw_remname[256];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:190:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char nw_locname[256];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:193:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char nw_indivmain[256];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:196:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char nw_simfile[256];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:218:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sn[80];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:222:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sn, "UNK %d", port);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:288:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:298:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "\\3UDP DPORT:\\2%5d\\3 SPORT:\\2%5d", ntohs (p->dest),
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:318:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char darr[20];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:320:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sarr[20];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:396:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bform[1024];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:501:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmbuf[80];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:502:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmpbuf[512];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:508:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char burst[512];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:525:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ttt[512];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:526:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char thost[256];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:571:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char simstr[20];
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:713:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[0][scrmid - 12], " ROUTER %13.3g kbits/sec ",
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:917:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[0][MCOLS - 15], " Eth:%8ld ", ethcnt);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:927:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[4][3],
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:932:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[5][3],
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:939:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[6][3],
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:946:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[6][3],
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:951:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[6][3], " < NO RELOADING INITIALIZED >");
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:974:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[12][3], "REPEATS=%d", dupcount);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:976:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[12][3], "USING FIFO=%d FIFOVAL=%d",
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1773:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpspeclog = fopen (ttt, "w");
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[256];
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:34:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char home[256];
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:35:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char testname[128];
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lhostname[80];
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:38:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char localaddr[4];
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maddr[40];
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:52:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[256];
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:59:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (lhostname, "LOCAL");
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:69:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (testname, "/.netwatch.");
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:71:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (testname, "r")) != NULL)
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:81:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (testname, "w");
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:92:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (mh->h_addr, maddr, mh->h_length);
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:101:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (hc, &name.sin_addr, 4);
data/netdiag-1.2/netwatch-1.3.1-2/lookdata.c:18:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/netdiag-1.2/netwatch-1.3.1-2/lookdata.c:22:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/netdiag-1.2/netwatch-1.3.1-2/lookdata.c:154:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(argv[1],"r"))==NULL)
data/netdiag-1.2/netwatch-1.3.1-2/netresolv.c:84:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[40]; /* Worst case scenario for %u conversions */
data/netdiag-1.2/netwatch-1.3.1-2/netresolv.c:87:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%u.%u.%u.%u",p[0],p[1],p[2],p[3]);
data/netdiag-1.2/netwatch-1.3.1-2/netresolv.c:244:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dfp = fopen("dbugfile","w");
data/netdiag-1.2/netwatch-1.3.1-2/netresolv.h:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[RESOLVE_MAX];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:159:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char progtitle[60];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:160:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mylog[MAXFILENAME] = "/root/.log";
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:161:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char specconfigfile[MAXFILENAME] = "/root/.netwatch.conf";
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:281:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssh_orig_addr_asc[40];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:307:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmstring[256] = "%Y.%m.%d.%H.%M";
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:337:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_lines[MAXSTATUS][STATUSSIZE];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:343:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char configfile[MAXFILENAME] = "/etc/rc.d/rc.inet1";
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:344:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statsfile[MAXFILENAME] = "/etc/netwatch.stats";
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:345:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newstatsfile[MAXFILENAME];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:347:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ethdevname[64] = "eth0";
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:364:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAGNABUFSIZE];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:372:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magnamatch[RESOLVE_MAX];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:383:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char netmask[4] = { 255, 255, 255, 0 };
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:384:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char localaddr[4];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:428:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[512];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:429:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speclogfile[MAXFILENAME] = "/root/.watchlog";
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:462:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repeatbuf[512];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:473:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char workingmac[ETH_ALEN];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:485:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[SN_RCV_BIGBUFSIZE + 1];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:486:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rbuf[SN_RCV_BIGBUFSIZE + 1];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:495:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char filler[20];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:499:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char filler2[12];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:541:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nw_allname[256] = "/root/nw_allpackets";
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:544:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nw_remname[256] = "/root/nw_rempackets";
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:547:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nw_locname[256] = "/root/nw_locpackets";
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:550:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nw_indivmain[256] = "/root/nw_indiv.";
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:553:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nw_simfile[256] = "";
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:566:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userwarn[512] = "noone@xxx.xxx.xxx"; /* ENTER your MAIL Address here.. */
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:567:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fishstring[512] = "";
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:587:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fifoname[256] = "/root/.netwatch.pipe";
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:723:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char w1[140], w2[140], w3[140], w4[140];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:727:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (specconfigfile, "r")))
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:756:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sYELLOWTIME = atoi (w2);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:758:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sREDTIME = atoi (w2);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:760:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sGREENTIME = atoi (w2);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:838:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
simkeyrate = atoi (w2);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:873:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reload_timer_sec = 60 * atoi (w4);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:885:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reload_timer_sec = 60 * atoi (w2);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:930:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[11][3],
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:951:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[3][3],
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:959:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[3][3],
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:978:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[3][3],
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1185:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmphost[RESOLVE_MAX];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1192:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tmphost, "<unresolved>");
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1249:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tarr[80];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1265:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (newstatsfile, "a");
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1297:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (newstatsfile, "a");
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1413:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p[MAXSTAT];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1416:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mess[512];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1463:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char debugstr[1024];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1464:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hexasc[10];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1480:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (hexasc, " %02X ", key);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1675:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
simfp = fopen (nw_simfile, "r");
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1936:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[1][3], " < NO NetBus attacks found to date > ");
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1937:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[2][3],
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1939:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&status_lines[3][3], " < NO BAD MAC Addresses seen to date > ");
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2146:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
simkeyrate = atoi (optarg);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2205:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (progtitle, "NETWATCH Simulator ");
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2385:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fifo = open (fifoname, O_RDWR);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2394:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpspeclog = fopen (buf, "w");
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2552:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ascii, "%u.%u.%u.%u ", naddr[0], naddr[1], naddr[2],
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2646:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fishbuf[256];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2746:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tpr[30];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2747:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char topr[30];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2748:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nam[256];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2766:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
work->plog = open (nam, O_APPEND | O_WRONLY);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2769:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
work->plog = open (nam, O_APPEND | O_CREAT | O_WRONLY,00660);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2902:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (work->ip_pr, "UNK %d", x);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2904:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (work->ip_pr, "ILL %d", x);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3005:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char space[512];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3006:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ftpversion[512];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3099:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (work->mac, fillmac, sizeof (fillmac));
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3100:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (work->badmac, fillmac, sizeof (fillmac));
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3123:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (work->mac, workingmac, ETH_ALEN);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3127:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (work->name, "%u.%u.%u.%u", pk[0], pk[1], pk[2], pk[3]);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3159:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (work->badmac, workingmac, ETH_ALEN);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3168:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (work->mac, workingmac, ETH_ALEN);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3216:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (magna[magnacnt++].buf, buf, wlen);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3275:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (work->badmac, fillmac, sizeof (fillmac));
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3280:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (work->mac, workingmac, ETH_ALEN);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3286:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (work->mac, fillmac, sizeof (fillmac));
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3289:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (work->name, "%u.%u.%u.%u", pk[0], pk[1], pk[2], pk[3]);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3318:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (work->badmac, workingmac, ETH_ALEN);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3408:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (magna[magnacnt++].buf, buf, wlen);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3441:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nw_fprem = fopen (nw_remname, "a");
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3492:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nw_fploc = fopen (nw_locname, "a");
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3661:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (workingmac, ((struct ether_head *) buf)->h_source, ETH_ALEN);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3666:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nw_fpall = fopen (nw_allname, "a");
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3796:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char devnames[MAXDEVS][MAXDEVNAME]; /* init to empty... in initialization */
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3921:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (rbuf, buf, length);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3979:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
repeatcount = atoi (repeatbuf);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:4360:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
simfp = fopen (nw_simfile, "r");
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.h:193:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN_DEF char ip_protocol_types[SN_MAX_IP_PORT+1][SN_PORT_TYPE_LEN+1];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.h:198:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN_DEF char sap_port_types[SN_MAX_SAP+1][SN_PORT_TYPE_LEN+1];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.h:199:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN_DEF char protocol_types[SN_MAX_PROTO_DESC+1][SN_PORT_TYPE_LEN+1];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.h:201:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN_DEF char icmp_types[ICMPMAX+2][SN_PORT_TYPE_LEN+1];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.h:225:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char addr[4];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.h:226:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char othaddr[4];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.h:227:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[RESOLVE_MAX];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.h:228:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip_pr[15];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.h:229:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[6]; /* ETH_ALEN!!!! */
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.h:230:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char badmac[6]; /* ETH_ALEN!!!! */
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.h:237:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server[26];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.h:238:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastget[26];
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.h:239:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftpserver[26];
data/netdiag-1.2/netwatch-1.3.1-2/processinetrc.c:16:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/netdiag-1.2/netwatch-1.3.1-2/processinetrc.c:17:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char temp[200];
data/netdiag-1.2/netwatch-1.3.1-2/processinetrc.c:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[255];
data/netdiag-1.2/netwatch-1.3.1-2/processinetrc.c:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[10], dest[20], gateway[20], flags[10], ref[10];
data/netdiag-1.2/netwatch-1.3.1-2/processinetrc.c:85:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char met[10], use[10], mask[20], rest[80];
data/netdiag-1.2/netwatch-1.3.1-2/processinetrc.c:97:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((atoi (flags) & 1) == 1) /* Thanks Dave...! */
data/netdiag-1.2/netwatch-1.3.1-2/processinetrc.c:131:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen ("/proc/net/route", "r")))
data/netdiag-1.2/netwatch-1.3.1-2/processinetrc.c:137:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (configfile, "r");
data/netdiag-1.2/netwatch-1.3.1-2/services.c:26:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(icmp_types[ICMPMAX+1],"UNK-ICMP");
data/netdiag-1.2/netwatch-1.3.1-2/services.c:90:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ip_protocol_types[temp_int], "%d:", temp_int);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:195:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sap_port_types[temp_int], "0x%02X:", temp_int);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:266:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (protocol_types[temp_int], "%d", temp_int);
data/netdiag-1.2/netwatch-1.3.1-2/warning.c:7:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmpname[256];
data/netdiag-1.2/netwatch-1.3.1-2/warning.c:8:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char command[256];
data/netdiag-1.2/netwatch-1.3.1-2/warning.c:9:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char warnto[256] = { 0 };
data/netdiag-1.2/netwatch-1.3.1-2/warning.c:42:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfp = fopen(tmpname,"w");
data/netdiag-1.2/statnet-3.8/getservent.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[BUFSIZ+1];
data/netdiag-1.2/statnet-3.8/getservent.c:55:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *serv_aliases[MAXALIASES];
data/netdiag-1.2/statnet-3.8/getservent.c:66:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
servf = fopen(LOCALDB, "r" ); /* Open services file inn current directory when magic number given. */
data/netdiag-1.2/statnet-3.8/getservent.c:71:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
servf = fopen(STATDB, "r" ); /* Open Statnet services file when magic number given. */
data/netdiag-1.2/statnet-3.8/getservent.c:73:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
servf = fopen(SERVDB, "r" );
data/netdiag-1.2/statnet-3.8/getservent.c:121:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
serv.s_port = htons((u_short)atoi(p));
data/netdiag-1.2/statnet-3.8/if_getstats.c:40:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen ("/proc/net/dev", "r");
data/netdiag-1.2/statnet-3.8/if_getstats.c:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/netdiag-1.2/statnet-3.8/interface.c:251:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/netdiag-1.2/statnet-3.8/interface.c:255:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = fopen(_PATH_PROCNET_DEV, "r");
data/netdiag-1.2/statnet-3.8/interface.c:340:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ife->hwaddr, ifr.ifr_hwaddr.sa_data, 8);
data/netdiag-1.2/statnet-3.8/interface.c:378:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ife->map, &ifr.ifr_map, sizeof(struct ifmap));
data/netdiag-1.2/statnet-3.8/services.c:28:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ip_protocol_types[temp_int], "%d:", temp_int);
data/netdiag-1.2/statnet-3.8/services.c:131:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (udp_port_types[temp_int], "%d:", temp_int);
data/netdiag-1.2/statnet-3.8/services.c:138:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tcp_port_types[temp_int], "%d:", temp_int);
data/netdiag-1.2/statnet-3.8/services.c:145:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tcp_port_types[temp_int], "X11");
data/netdiag-1.2/statnet-3.8/services.c:148:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (udp_port_types[temp_int], "X11");
data/netdiag-1.2/statnet-3.8/services.c:172:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sap_port_types[temp_int], "0x%02X:", temp_int);
data/netdiag-1.2/statnet-3.8/services.c:243:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (protocol_types[temp_int], "%d", temp_int);
data/netdiag-1.2/statnet-3.8/services.c:593:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tcp_port_types[temp_port], "%.*s:", SN_PORT_TYPE_LEN-1, serv->s_name );
data/netdiag-1.2/statnet-3.8/services.c:604:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( udp_port_types[temp_port], "%.*s:", SN_PORT_TYPE_LEN-1, serv->s_name );
data/netdiag-1.2/statnet-3.8/services.c:623:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tcp_port_types[temp_port], "%.*s:", SN_PORT_TYPE_LEN-1, serv->s_name );
data/netdiag-1.2/statnet-3.8/services.c:634:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( udp_port_types[temp_port], "%.*s:", SN_PORT_TYPE_LEN-1, serv->s_name );
data/netdiag-1.2/statnet-3.8/services.c:653:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tcp_port_types[temp_port], "%.*s:", SN_PORT_TYPE_LEN-1, serv->s_name );
data/netdiag-1.2/statnet-3.8/services.c:664:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( udp_port_types[temp_port], "%.*s:", SN_PORT_TYPE_LEN-1, serv->s_name );
data/netdiag-1.2/statnet-3.8/services.c:690:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( ip_protocol_types[temp_proto], "%.*s:", SN_PORT_TYPE_LEN-1, proto->p_aliases[0] );
data/netdiag-1.2/statnet-3.8/services.c:694:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( ip_protocol_types[temp_proto], "%.*s:", SN_PORT_TYPE_LEN-1, proto->p_name );
data/netdiag-1.2/statnet-3.8/stat.h:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char servername[STATNETD_NAME_LEN+1]; /* machine running statnetd */
data/netdiag-1.2/statnet-3.8/stat.h:187:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN_DEF char ip_protocol_types[SN_MAX_IP_PORT + 1][SN_PORT_TYPE_LEN + 1];
data/netdiag-1.2/statnet-3.8/stat.h:188:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN_DEF char tcp_port_types[SN_MAX_TCP_PORTS + 1][SN_PORT_TYPE_LEN + 1];
data/netdiag-1.2/statnet-3.8/stat.h:189:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN_DEF char udp_port_types[SN_MAX_UDP_PORTS + 1][SN_PORT_TYPE_LEN + 1];
data/netdiag-1.2/statnet-3.8/stat.h:190:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN_DEF char sap_port_types[SN_MAX_SAP + 1][SN_PORT_TYPE_LEN + 1];
data/netdiag-1.2/statnet-3.8/stat.h:191:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN_DEF char protocol_types[SN_MAX_PROTO_DESC + 1][SN_PORT_TYPE_LEN + 1];
data/netdiag-1.2/statnet-3.8/statnet.c:159:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if( optarg == (char *)NULL) usage(argv[0]);
data/netdiag-1.2/statnet-3.8/statnet.c:201:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Prev.prot.t_labels = (char *)protocol_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:206:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Prev.ip_types.c_labels = (char *)ip_protocol_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:209:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Prev.tcp_port.c_labels = (char *)tcp_port_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:212:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Prev.udp_port.c_labels = (char *)udp_port_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:216:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Prev.sap_types.c_labels = (char *)sap_port_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:228:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tcp_port_types[0], "fragment ");
data/netdiag-1.2/statnet-3.8/statnet.c:229:43: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(tcp_port_types[42],"name:")) strcpy(tcp_port_types[42], "DNS:");
data/netdiag-1.2/statnet-3.8/statnet.c:230:49: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(tcp_port_types[42],"nameserver:")) strcpy(tcp_port_types[42], "DNS:");
data/netdiag-1.2/statnet-3.8/statnet.c:231:49: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(tcp_port_types[101],"hostnames:")) strcpy(tcp_port_types[101], "NIC Host NS:");
data/netdiag-1.2/statnet-3.8/statnet.c:232:48: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(tcp_port_types[101],"hostname:")) strcpy(tcp_port_types[101], "NIC Host NS:");
data/netdiag-1.2/statnet-3.8/statnet.c:233:46: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(tcp_port_types[111],"sunrpc:")) strcpy(tcp_port_types[111], "RPC/NFS:");
data/netdiag-1.2/statnet-3.8/statnet.c:234:50: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(tcp_port_types[137],"netbios-ns:")) strcpy(tcp_port_types[137], "NetB NS:"); /* NetBIOS Name Service */
data/netdiag-1.2/statnet-3.8/statnet.c:235:51: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(tcp_port_types[138],"netbios-dgm:")) strcpy(tcp_port_types[138], "NetB Dg:"); /* NetBIOS Datagram */
data/netdiag-1.2/statnet-3.8/statnet.c:236:51: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(tcp_port_types[139],"netbios-ssn:")) strcpy(tcp_port_types[139], "NetBIOS:"); /* NetBIOS Session Service */
data/netdiag-1.2/statnet-3.8/statnet.c:237:46: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(tcp_port_types[520],"router:")) strcpy(tcp_port_types[520], "RIP:");
data/netdiag-1.2/statnet-3.8/statnet.c:240:43: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(udp_port_types[42],"name:")) strcpy(udp_port_types[42], "DNS:");
data/netdiag-1.2/statnet-3.8/statnet.c:241:49: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(udp_port_types[42],"nameserver:")) strcpy(udp_port_types[42], "DNS:");
data/netdiag-1.2/statnet-3.8/statnet.c:242:49: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(udp_port_types[101],"hostnames:")) strcpy(udp_port_types[101], "NIC Host NS:");
data/netdiag-1.2/statnet-3.8/statnet.c:243:48: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(udp_port_types[101],"hostname:")) strcpy(udp_port_types[101], "NIC Host NS:");
data/netdiag-1.2/statnet-3.8/statnet.c:244:46: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(udp_port_types[111],"sunrpc:")) strcpy(udp_port_types[111], "RPC/NFS:");
data/netdiag-1.2/statnet-3.8/statnet.c:245:50: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(udp_port_types[137],"netbios-ns:")) strcpy(udp_port_types[137], "NetB NS:"); /* NetBIOS Name Service */
data/netdiag-1.2/statnet-3.8/statnet.c:246:51: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(udp_port_types[138],"netbios-dgm:")) strcpy(udp_port_types[138], "NetB Dg:"); /* NetBIOS Datagram */
data/netdiag-1.2/statnet-3.8/statnet.c:247:51: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(udp_port_types[139],"netbios-ssn:")) strcpy(udp_port_types[139], "NetBIOS:"); /* NetBIOS Session Service */
data/netdiag-1.2/statnet-3.8/statnet.c:248:46: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(udp_port_types[520],"router:")) strcpy(udp_port_types[520], "RIP:");
data/netdiag-1.2/statnet-3.8/statnet.c:280:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &Prev, StatMem, sizeof( struct StatMemStruct ) ); /* initialize */
data/netdiag-1.2/statnet-3.8/statnet.c:283:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Prev.prot.t_labels = (char *)protocol_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:288:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Prev.ip_types.c_labels = (char *)ip_protocol_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:292:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Prev.tcp_port.c_labels = (char *)tcp_port_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:296:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Prev.udp_port.c_labels = (char *)udp_port_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:300:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Prev.sap_types.c_labels = (char *)sap_port_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:306:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &Now, StatMem, sizeof( struct StatMemStruct ) );
data/netdiag-1.2/statnet-3.8/statnet.c:309:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Now.prot.t_labels = (char *)protocol_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:314:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Now.ip_types.c_labels = (char *)ip_protocol_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:318:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Now.tcp_port.c_labels = (char *)tcp_port_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:322:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Now.udp_port.c_labels = (char *)udp_port_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:326:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Now.sap_types.c_labels = (char *)sap_port_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:340:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &Prev, &Now, sizeof( struct StatMemStruct ) );
data/netdiag-1.2/statnet-3.8/statnet.c:343:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Prev.prot.t_labels = (char *)protocol_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:348:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Prev.ip_types.c_labels = (char *)ip_protocol_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:352:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Prev.tcp_port.c_labels = (char *)tcp_port_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:356:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Prev.udp_port.c_labels = (char *)udp_port_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:360:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Prev.sap_types.c_labels = (char *)sap_port_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:438:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eth[20];
data/netdiag-1.2/statnet-3.8/statnet.c:692:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Now->ip_types.c_labels = (char *)ip_protocol_types[0];
data/netdiag-1.2/statnet-3.8/statnet.c:703:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Now->tcp_port.c_labels = (char *)tcp_port_types[0];
data/netdiag-1.2/statnet-3.8/statnetd.c:99:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char filler[20];
data/netdiag-1.2/statnet-3.8/statnetd.c:102:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char filler2[12];
data/netdiag-1.2/statnet-3.8/statnetd.c:106:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char filler2[12];
data/netdiag-1.2/statnet-3.8/statnetd.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char interface_name[STATNETD_IFACE_LEN+1]; /* name of interface */
data/netdiag-1.2/statnet-3.8/statnetd.c:126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server_label[STATNETD_NAME_LEN+1]; /* name of this server */
data/netdiag-1.2/statnet-3.8/statnetd.c:130:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[SN_RCV_BUF_SIZE];
data/netdiag-1.2/statnet-3.8/statnetd.c:143:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( server_label, "unknown server" );
data/netdiag-1.2/statnet-3.8/statnetd.c:201:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( server_label, "unknown server" );
data/netdiag-1.2/statnet-3.8/statnetd.c:218:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if( optarg == (char *)NULL) usage(argv[0]);
data/netdiag-1.2/statnet-3.8/statnetd.c:222:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if( optarg == (char *)NULL) usage(argv[0]);
data/netdiag-1.2/statnet-3.8/statnetd.c:239:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if( optarg == (char *)NULL) usage(argv[0]);
data/netdiag-1.2/statnet-3.8/statnetd.c:329:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileDesc = open( "/dev/null", O_RDWR); /* stdin */
data/netdiag-1.2/statnet-3.8/statnetd.c:354:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &ifr, &oldifr, sizeof( struct ifreq ) );
data/netdiag-1.2/tcpblast-20011111/daemon.c:62:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
data/netdiag-1.2/tcpblast-20011111/discard.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/netdiag-1.2/tcpblast-20011111/discard.c:64:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(buf, buf+CHARGEN_STOP-CHARGEN_START+1, CHARGEN_STOP-CHARGEN_START+1);
data/netdiag-1.2/tcpblast-20011111/discard.c:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100], *name = NULL;
data/netdiag-1.2/tcpblast-20011111/discard.c:172:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'p': opt_port = atoi(optarg);
data/netdiag-1.2/tcpblast-20011111/docs/orig/pieters/discard.c:50:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/netdiag-1.2/tcpblast-20011111/docs/orig/pieters/tcpblast.c:45:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char greet[MAXBLKSIZE], *ind;
data/netdiag-1.2/tcpblast-20011111/docs/orig/pieters/tcpblast.c:124:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 's': blksize=abs(atoi(optarg)); break;
data/netdiag-1.2/tcpblast-20011111/docs/orig/pieters/tcpblast.c:125:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'b': setbufsize=abs(atoi(optarg)); break;
data/netdiag-1.2/tcpblast-20011111/docs/orig/pieters/tcpblast.c:126:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'd': dots=abs(atoi(optarg)); break;
data/netdiag-1.2/tcpblast-20011111/docs/orig/pieters/tcpblast.c:127:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'p': port=abs(atoi(optarg)); break;
data/netdiag-1.2/tcpblast-20011111/docs/orig/pieters/tcpblast.c:128:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'T': timeout=abs(atoi(optarg)); break;
data/netdiag-1.2/tcpblast-20011111/docs/orig/pieters/tcpblast.c:159:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nblocks = atoi(argv[optind+1]);
data/netdiag-1.2/tcpblast-20011111/docs/orig/pieters/tcpblast.c:200:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(host->h_addr, &sock_in.sin_addr, host->h_length);
data/netdiag-1.2/tcpblast-20011111/docs/orig/tcpblast.bsd.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char greet[BLKSIZE] = "Hi!";
data/netdiag-1.2/tcpblast-20011111/docs/orig/tcpblast.bsd.c:51:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nblocks = atoi(argv[2]);
data/netdiag-1.2/tcpblast-20011111/docs/orig/tcpblast.bsd.c:73:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(host->h_addr, &sock_in.sin_addr, host->h_length);
data/netdiag-1.2/tcpblast-20011111/docs/orig/tcpblast.c:21:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char greet[BLKSIZE] = "Hi!";
data/netdiag-1.2/tcpblast-20011111/docs/orig/tcpblast.c:39:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nblocks = atoi(argv[2]);
data/netdiag-1.2/tcpblast-20011111/docs/orig/tcpblast.c:72:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(host->h_addr, &sin.sin_addr, host->h_length);
data/netdiag-1.2/tcpblast-20011111/docs/orig/udpblast.c:21:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char greet[BLKSIZE] = "Hi!";
data/netdiag-1.2/tcpblast-20011111/docs/orig/udpblast.c:39:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nblocks = atoi(argv[2]);
data/netdiag-1.2/tcpblast-20011111/docs/orig/udpblast.c:67:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(host->h_addr, &sin.sin_addr, host->h_length);
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:14:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char verstr[30]="FreeBSD + rzm ", *vdate=VERSION;
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:38:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define strerror(x) atoi(x)
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:77:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wbuff[MAXBLKSIZE], rbuff[MAXBLKSIZE], *ind, port[30]="9";
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:514:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[100], *srate=NULL /* for gcc */, fname[256], *name, *rpar, *pport;
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:531:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fname, "tcpblast");
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:582:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'd': dots=abs(atoi(optarg)); continuous=0; break;
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:585:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'i': delay=abs(atoi(optarg)); break;
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:586:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'l': lastnwb=lastnrb=abs(atoi(optarg))+1; break; /* split later */
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:590:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'p': lport=atoi(optarg);
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:624:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'x': maxseg=atoi(optarg); break;
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:748:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(host->h_addr, &sock_in.sin_addr, host->h_length);
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:760:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (service==NULL) sock_in.sin_port = htons(abs(atoi(port)));
data/netdiag-1.2/tcpspray/tcpspray.c:118:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nblks = atoi(optarg);
data/netdiag-1.2/tcpspray/tcpspray.c:122:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
blksize = atoi(optarg);
data/netdiag-1.2/tcpspray/tcpspray.c:127:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((infile = fopen(optarg, "r")) == NULL) {
data/netdiag-1.2/tcpspray/tcpspray.c:134:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
delay = atoi(optarg);
data/netdiag-1.2/tcpspray/tcpspray.c:138:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout.tv_usec = atoi(optarg) ;
data/netdiag-1.2/tcpspray/tcpspray.c:170:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(hp->h_addr, &sin.sin_addr, hp->h_length);
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:189:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[sizeof(".xxx.xxx.xxx.xxx")];
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntop_buf[INET6_ADDRSTRLEN];
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:389:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tp->e_bs, bs, nlen);
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:432:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)tp->e_nsap, (const char *)nsap, nlen + 1);
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:474:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("00:00:00:00:00:00")];
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:481:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[128];
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:541:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("0000")];
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:567:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("00:00:00:00:00")];
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:593:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("sap-00")];
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:637:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("00000")];
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:656:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("00000")];
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:689:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("0000")];
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:824:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&protoid[3], (char *)&etype, 2);
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:868:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:874:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(PCAP_ETHERS_FILE, "r");
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:1190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("00000")];
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:1284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("0000")];
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:1345:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("0000")];
data/netdiag-1.2/trafshow-5.2.3/cisco_netflow.c:185:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/netdiag-1.2/trafshow-5.2.3/cisco_netflow.c:201:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "netflow%d", cnt);
data/netdiag-1.2/trafshow-5.2.3/cisco_netflow.c:204:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Netflow V%d", ntohs(((CNF_HDR_V1 *)data)->version));
data/netdiag-1.2/trafshow-5.2.3/cisco_netflow.c:213:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ap->addr, from, sizeof(struct sockaddr));
data/netdiag-1.2/trafshow-5.2.3/cisco_netflow.c:416:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dump_file || (fp = fopen(dump_file, "a")) == 0)
data/netdiag-1.2/trafshow-5.2.3/cisco_netflow.c:452:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dump_file || (fp = fopen(dump_file, "a")) == 0)
data/netdiag-1.2/trafshow-5.2.3/cisco_netflow.c:493:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dump_file || (fp = fopen(dump_file, "a")) == 0)
data/netdiag-1.2/trafshow-5.2.3/colormask.c:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[100], *b;
data/netdiag-1.2/trafshow-5.2.3/colormask.c:114:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *ctab[8] = { "black", "red", "green", "yellow",
data/netdiag-1.2/trafshow-5.2.3/colormask.c:129:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fc = atoi(f);
data/netdiag-1.2/trafshow-5.2.3/colormask.c:144:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bc = atoi(b);
data/netdiag-1.2/trafshow-5.2.3/colormask.c:174:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(color_mask + (n_masks-1), m, sizeof(struct cm_entry));
data/netdiag-1.2/trafshow-5.2.3/colormask.c:223:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(str);
data/netdiag-1.2/trafshow-5.2.3/colormask.c:251:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(str);
data/netdiag-1.2/trafshow-5.2.3/colormask.c:272:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], *cp, *mp, *pp;
data/netdiag-1.2/trafshow-5.2.3/colormask.c:351:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
op = atoi(mp);
data/netdiag-1.2/trafshow-5.2.3/colormask.c:369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, buf[1024];
data/netdiag-1.2/trafshow-5.2.3/colormask.c:370:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s1[256], s2[256], s3[256], s4[256];
data/netdiag-1.2/trafshow-5.2.3/colormask.c:383:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(buf, "r")) == NULL) {
data/netdiag-1.2/trafshow-5.2.3/colormask.c:384:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(buf, "/etc/");
data/netdiag-1.2/trafshow-5.2.3/colormask.c:386:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(buf, "r")) == NULL) return 0;
data/netdiag-1.2/trafshow-5.2.3/colormask.c:390:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(color_conf, "r")) == NULL) {
data/netdiag-1.2/trafshow-5.2.3/domain_resolver.c:100:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *rcode2text[6] = {
data/netdiag-1.2/trafshow-5.2.3/domain_resolver.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr[50];
data/netdiag-1.2/trafshow-5.2.3/domain_resolver.c:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, buf[1024];
data/netdiag-1.2/trafshow-5.2.3/domain_resolver.c:153:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(_PATH_RESCONF, "r")) != 0) {
data/netdiag-1.2/trafshow-5.2.3/domain_resolver.c:467:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXDNAME];
data/netdiag-1.2/trafshow-5.2.3/domain_resolver.c:498:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dt->name, domain, sizeof(in_addr_t));
data/netdiag-1.2/trafshow-5.2.3/domain_resolver.c:522:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr[50];
data/netdiag-1.2/trafshow-5.2.3/domain_resolver.c:601:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr[50];
data/netdiag-1.2/trafshow-5.2.3/domain_resolver.c:609:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr[50];
data/netdiag-1.2/trafshow-5.2.3/domain_resolver.c:620:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr[50];
data/netdiag-1.2/trafshow-5.2.3/domain_resolver.c:669:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXDNAME+1];
data/netdiag-1.2/trafshow-5.2.3/events.c:230:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char at_time[50];
data/netdiag-1.2/trafshow-5.2.3/getkey.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prompt_buf[MAX_PARAM_LEN], cut_buf[MAX_PARAM_LEN];
data/netdiag-1.2/trafshow-5.2.3/getkey.c:120:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ch = atoi(prompt_buf);
data/netdiag-1.2/trafshow-5.2.3/getkey.c:129:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ch = atoi(prompt_buf);
data/netdiag-1.2/trafshow-5.2.3/getkey.c:166:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ch = atoi(prompt_buf);
data/netdiag-1.2/trafshow-5.2.3/getkey.c:305:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/netdiag-1.2/trafshow-5.2.3/getkey.c:316:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(buf, "Aggregation netmask length: ");
data/netdiag-1.2/trafshow-5.2.3/getkey.c:629:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cut_buf, &prompt_buf[i], cur - i);
data/netdiag-1.2/trafshow-5.2.3/netstat.c:125:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dp, ns, sizeof(NETSTAT));
data/netdiag-1.2/trafshow-5.2.3/netstat.c:194:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ns_buf, ns, sizeof(NETSTAT));
data/netdiag-1.2/trafshow-5.2.3/parse_dl.c:111:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((u_char *)&type, p, sizeof(type));
data/netdiag-1.2/trafshow-5.2.3/parse_dl.c:133:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ns->eth_src_addr,
data/netdiag-1.2/trafshow-5.2.3/parse_dl.c:135:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ns->eth_dst_addr,
data/netdiag-1.2/trafshow-5.2.3/parse_dl.c:138:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ns->eth_src_addr,
data/netdiag-1.2/trafshow-5.2.3/parse_dl.c:140:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ns->eth_dst_addr,
data/netdiag-1.2/trafshow-5.2.3/parse_dl.c:279:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ns->eth_src_addr,
data/netdiag-1.2/trafshow-5.2.3/screen.c:80:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open("/dev/tty", 0)) != -1) {
data/netdiag-1.2/trafshow-5.2.3/screen.c:89:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_rows = atoi(cp);
data/netdiag-1.2/trafshow-5.2.3/screen.c:94:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_cols = atoi(cp);
data/netdiag-1.2/trafshow-5.2.3/screen.c:174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/netdiag-1.2/trafshow-5.2.3/screen.c:177:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(buf, "[ ");
data/netdiag-1.2/trafshow-5.2.3/screen.c:180:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(buf, " ]");
data/netdiag-1.2/trafshow-5.2.3/selector.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, buf[1024];
data/netdiag-1.2/trafshow-5.2.3/selector.c:203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, buf[1024];
data/netdiag-1.2/trafshow-5.2.3/session.c:85:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sd->peer, peer, sizeof(struct sockaddr));
data/netdiag-1.2/trafshow-5.2.3/session.c:407:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/netdiag-1.2/trafshow-5.2.3/session.c:414:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (len) memcpy(buf, data, len);
data/netdiag-1.2/trafshow-5.2.3/session.c:455:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, *line, buf[BUF_SIZE];
data/netdiag-1.2/trafshow-5.2.3/session.c:494:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sd->from, &from, slen);
data/netdiag-1.2/trafshow-5.2.3/session.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __ss_pad1[_SS_PAD1SIZE];
data/netdiag-1.2/trafshow-5.2.3/session.h:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __ss_pad2[_SS_PAD2SIZE];
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_buf[100], dst_buf[100], proto_buf[20];
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100], buf[256];
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:132:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dump_match, ns, sizeof(NETSTAT));
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:181:12: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((op = mkstemp(buf)) < 0) {
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:220:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if ((file_netflow = fopen(dump_file, "r")) == 0) {
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:328:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, buf[256];
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:412:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_addr[100], dst_addr[100];
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_buf[100], src_buf[100], dst_buf[100], proto_buf[20];
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:520:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexstuff[HEXDUMP_SHORTS_PER_LINE*HEXDUMP_HEXSTUFF_PER_SHORT+1], *hsp;
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:521:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asciistuff[100], *asp;
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pb[20];
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:149:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pb, "%d", ntohs(addr->ip_port));
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:155:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pb, "%d", ntohs(addr->ip_port));
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:161:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pb, "%04x", addr->ip_port - 1);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:168:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pb, "%04x", addr->ip_port - 1);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:174:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pb, "%d", ntohs(addr->ip_port));
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:203:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&buf[1], "sap-%02x", sap & 0xff);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:306:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_buf[100], dst_buf[100];
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:315:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(src_buf, "Source");
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:316:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(dst_buf, "Destination");
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:318:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(src_buf + strlen(src_buf), "/%d", ph->masklen);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:319:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dst_buf + strlen(dst_buf), "/%d", ph->masklen);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:356:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_buf[100], dst_buf[100], proto_buf[20], data_buf[20], rate_buf[20];
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:422:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stat_buf[50], data_buf[20], rate_buf[20];
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:568:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_buf[100], dst_buf[100], proto_buf[20];
data/netdiag-1.2/trafshow-5.2.3/strftime.c:389:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INT_STRLEN_MAXIMUM(int) + 1];
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], *dev_name = 0, *filter = 0;
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:105:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(buf, "localhost");
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:118:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aggregate = atoi(optarg);
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:138:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
udp_port = atoi(optarg);
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:147:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((refresh_time = atoi(optarg)) < 1)
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:151:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((purge_time = atoi(optarg)) < 1)
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, buf[256];
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:428:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ph->maskhdr, nh, sizeof(struct netstat_header));
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:482:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100], buf[256];
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:646:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nh, &ns->ns_hdr, sizeof(struct netstat_header));
data/netdiag-1.2/trafshow-5.2.3/trafshow.h:69:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Dbuf[50];\
data/netdiag-1.2/trafshow-5.2.3/util.c:103:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(name, O_RDONLY)) < 0) {
data/netdiag-1.2/netload-1.2.2/netload.c:115:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argument_length = strlen (argv[1]);
data/netdiag-1.2/netload-1.2.2/netload.c:388:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argument_length = strlen (device);
data/netdiag-1.2/netwatch-1.3.1-2/bump.c:36:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(version)<4)
data/netdiag-1.2/netwatch-1.3.1-2/bump.c:41:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lastspot = strlen(version) -1;
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:334:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (darr, w, 16);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:337:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (sarr, w, 16);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:347:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_tcp (dp, left, &db[strlen (db)]);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:350:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_udp (dp, left, &db[strlen (db)]);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:353:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_icmp (dp, left, &db[strlen (db)]);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:356:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
whole = strlen (db);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:730:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
burst[strlen (burst) - 1] = 0;
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:918:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
status_lines[0][strlen (status_lines[0])] = '~';
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1311:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (thost, current->name, curshosttrim);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1334:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (magnamatch, current->name, RESOLVE_MAX);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1576:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (thost, current->name, curshosttrim);
data/netdiag-1.2/netwatch-1.3.1-2/dispdata.c:1597:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (magnamatch, current->name, RESOLVE_MAX);
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:61:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (lhostname, hostp, 79);
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:65:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (home, "/");
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:67:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (home, homep, 256);
data/netdiag-1.2/netwatch-1.3.1-2/gh.c:130:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendto (sock, s, strlen (s), 0, (struct sockaddr *) &name, sizeof (name));
data/netdiag-1.2/netwatch-1.3.1-2/netresolv.c:166:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(0,&entries[addedentries],sizeof(struct resolvaddr));
data/netdiag-1.2/netwatch-1.3.1-2/netresolv.c:310:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(finalentry.name,res->h_name,RESOLVE_MAX1);
data/netdiag-1.2/netwatch-1.3.1-2/netresolv.c:370:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:638:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fifo, &look, 1) < 0)
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:653:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fifo, &id, INTSIZE);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:654:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fifo, &length, INTSIZE);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:657:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fifo, keycomm, length * INTSIZE);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:661:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fifo, &look, 1) < 0)
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:734:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpbuf[strlen (tmpbuf) - 1] = 0;
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:744:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (userwarn, w2, 256);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:762:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (speclogfile, w2, MAXFILENAME);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:764:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tmstring, w2, 256);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:766:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (statsfile, w2, MAXFILENAME);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:786:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (w2))
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:798:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (w2))
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:799:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (nw_remname, w2, 256);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:804:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (w2))
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:805:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (nw_locname, w2, 256);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:810:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (w2))
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:811:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (nw_indivmain, w2, 256);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:815:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (w2))
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:816:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (nw_indivmain, w2, 256);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:821:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (w2))
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:822:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (nw_allname, w2, 256);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:856:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (w2))
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:857:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (nw_simfile, w2, 256);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:863:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (fishstring, &tmpbuf[11], 256);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:864:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fishstringlen = strlen (fishstring);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1006:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
st = read (osocket[0], &one, sizeof (one));
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1018:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (one.where, one.name, RESOLVE_MAX);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1190:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tmphost, hostent->h_name, RESOLVE_MAX);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1419:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (mess, mss, 512);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1421:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mess_len = strlen (pw);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1430:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mess_len = strlen (pw);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1438:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
center = strlen (header) >> 1;
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1452:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mess_len = strlen (p[i]);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:1673:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (nw_simfile))
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2084:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (mylog, optarg, MAXFILENAME);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2089:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (speclogfile, optarg, MAXFILENAME);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2092:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (configfile, optarg, MAXFILENAME);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2096:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (userwarn, optarg, 256);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2099:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ethdevname, optarg, 64);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2129:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (nw_simfile, optarg, 256);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2713:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = dest + strlen (dest) - 1;
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2761:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (nam, nw_indivmain, 239);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:2765:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (nam, inet_ntoa (mw), 17);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3134:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (work->name, phost->h_name, 79);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3178:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (work->server, fishbuf, 25);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3184:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (work->lastget, fishbuf, 25);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3195:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (work->ftpserver, ftpversion, 25);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3376:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (work->server, fishbuf, 25);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3380:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (work->lastget, fishbuf, 25);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3388:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (work->ftpserver, ftpversion, 25);
data/netdiag-1.2/netwatch-1.3.1-2/netwatch.c:3880:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (devnames[saddr.sll_ifindex], ethdevname, MAXDEVNAME);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:61:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
place->name = malloc(strlen(name)+1);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:93:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[1], "ICMP:", SN_PORT_TYPE_LEN); /* Internet Control Message [RFC792,JBP] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:94:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[2], "IGMP:", SN_PORT_TYPE_LEN); /* Internet Group Management [RFC1112,JBP] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:95:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[3], "GGP:", SN_PORT_TYPE_LEN); /* Gateway-to-Gateway [RFC823,MB] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:96:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[4], "IP:", SN_PORT_TYPE_LEN); /* IP in IP (encasulation) [JBP] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:97:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[5], "ST:", SN_PORT_TYPE_LEN); /* Stream [RFC1190,IEN119,JWF] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:98:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[6], "TCP:", SN_PORT_TYPE_LEN); /* Transmission Control [RFC793,JBP] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:99:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[7], "UCL:", SN_PORT_TYPE_LEN); /* UCL [PK] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:100:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[8], "EGP:", SN_PORT_TYPE_LEN); /* Exterior Gateway Protocol [RFC888,DLM1] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:101:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[9], "IGP:", SN_PORT_TYPE_LEN); /* any private interior gateway [JBP] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:102:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[10], "BBN-RCC-MON:", SN_PORT_TYPE_LEN); /* BBN RCC Monitoring [SGC] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:103:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[11], "NVP-II:", SN_PORT_TYPE_LEN); /* Network Voice Protocol [RFC741,SC3] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:104:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[12], "PUP:", SN_PORT_TYPE_LEN); /* PUP [PUP,XEROX] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:105:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[13], "ARGUS:", SN_PORT_TYPE_LEN); /* ARGUS [RWS4] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:106:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[14], "EMCON:", SN_PORT_TYPE_LEN); /* EMCON [BN7] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:107:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[15], "XNET:", SN_PORT_TYPE_LEN); /* Cross Net Debugger [IEN158,JFH2] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:108:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[16], "CHAOS:", SN_PORT_TYPE_LEN); /* Chaos [NC3] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:109:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[17], "UDP:", SN_PORT_TYPE_LEN); /* User Datagram [RFC768,JBP] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:110:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[18], "MUX:", SN_PORT_TYPE_LEN); /* Multiplexing [IEN90,JBP] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:111:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[19], "DCN-MEAS:", SN_PORT_TYPE_LEN); /* DCN Measurement Subsystems [DLM1] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:112:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[20], "HMP:", SN_PORT_TYPE_LEN); /* Host Monitoring [RFC869,RH6] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:113:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[21], "PRM:", SN_PORT_TYPE_LEN); /* Packet Radio Measurement [ZSU] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:114:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[22], "XNS-IDP:", SN_PORT_TYPE_LEN); /* XEROX NS IDP [ETHERNET,XEROX] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:115:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[23], "TRUNK-1:", SN_PORT_TYPE_LEN); /* Trunk-1 [BWB6] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:116:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[24], "TRUNK-2:", SN_PORT_TYPE_LEN); /* Trunk-2 [BWB6] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:117:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[25], "LEAF-1:", SN_PORT_TYPE_LEN); /* Leaf-1 [BWB6] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:118:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[26], "LEAF-2:", SN_PORT_TYPE_LEN); /* Leaf-2 [BWB6] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:119:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[27], "RDP:", SN_PORT_TYPE_LEN); /* Reliable Data Protocol [RFC908,RH6] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:120:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[28], "IRTP:", SN_PORT_TYPE_LEN); /* Internet Reliable Transaction [RFC938,TXM] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:121:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[29], "ISO-TP4:", SN_PORT_TYPE_LEN); /* ISO Transport Protocol Class 4 [RFC905,RC77] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:122:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[30], "NETBLT:", SN_PORT_TYPE_LEN); /* Bulk Data Transfer Protocol [RFC969,DDC1] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:123:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[31], "MFE-NSP:", SN_PORT_TYPE_LEN); /* MFE Network Services Protocol [MFENET,BCH2] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:124:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[32], "MERIT-INP:", SN_PORT_TYPE_LEN); /* MERIT Internodal Protocol [HWB] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:125:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[33], "SEP:", SN_PORT_TYPE_LEN); /* Sequential Exchange Protocol [JC120] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:126:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[34], "PC:", SN_PORT_TYPE_LEN); /* Third Party Connect Protocol [SAF3] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:127:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[35], "IDPR:", SN_PORT_TYPE_LEN); /* Inter-Domain Policy Routing Protocol [MXS1] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:128:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[36], "XTP:", SN_PORT_TYPE_LEN); /* XTP [GXC] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:129:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[37], "DDP:", SN_PORT_TYPE_LEN); /* Datagram Delivery Protocol [WXC] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:130:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[38], "IDPR-CMTP:", SN_PORT_TYPE_LEN); /* IDPR Control Message Transport Proto [MXS1] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:131:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[39], "TP++:", SN_PORT_TYPE_LEN); /* TP++ Transport Protocol [DXF] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:132:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[40], "IL:", SN_PORT_TYPE_LEN); /* IL Transport Protocol [DXP2] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:133:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[41], "SIP:", SN_PORT_TYPE_LEN); /* Simple Internet Protocol [SXD] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:134:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[42], "SDRP:", SN_PORT_TYPE_LEN); /* Source Demand Routing Protocol [DXE1] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:135:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[43], "SIP-SR:", SN_PORT_TYPE_LEN); /* SIP Source Route [SXD] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:136:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[44], "SIP-FRAG:", SN_PORT_TYPE_LEN); /* SIP Fragment [SXD] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:137:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[45], "IDRP:", SN_PORT_TYPE_LEN); /* Inter-Domain Routing Protocol [Sue Hares] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:138:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[46], "RSVP:", SN_PORT_TYPE_LEN); /* Reservation Protocol [Bob Braden] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:139:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[47], "GRE:", SN_PORT_TYPE_LEN); /* General Routing Encapsulation [Tony Li] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:140:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[48], "MHRP:", SN_PORT_TYPE_LEN); /* Mobile Host Routing Protocol[David Johnson] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:141:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[49], "BNA:", SN_PORT_TYPE_LEN); /* BNA [Gary Salamon] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:142:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[50], "SIPP-ESP:", SN_PORT_TYPE_LEN); /* SIPP Encap Security Payload [Steve Deering] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:143:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[51], "SIPP-AH:", SN_PORT_TYPE_LEN); /* SIPP Authentication Header [Steve Deering] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:144:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[52], "I-NLSP:", SN_PORT_TYPE_LEN); /* Integrated Net Layer Security TUBA [GLENN] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:145:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[53], "SWIPE:", SN_PORT_TYPE_LEN); /* IP with Encryption [JI6] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:146:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[54], "NHRP:", SN_PORT_TYPE_LEN); /* NBMA Next Hop Resolution Protocol */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:147:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[61], "anyhost:", SN_PORT_TYPE_LEN); /* any host internal protocol [JBP] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:148:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[62], "CFTP:", SN_PORT_TYPE_LEN); /* CFTP [CFTP,HCF2] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:149:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[63], "anylan:", SN_PORT_TYPE_LEN); /* any local network [JBP] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:150:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[64], "SAT-EXPAK:", SN_PORT_TYPE_LEN); /* SATNET and Backroom EXPAK [SHB] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:151:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[65], "KRYPTOLAN:", SN_PORT_TYPE_LEN); /* Kryptolan [PXL1] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:152:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[66], "RVD:", SN_PORT_TYPE_LEN); /* MIT Remote Virtual Disk Protocol [MBG] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:153:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[67], "IPPC:", SN_PORT_TYPE_LEN); /* Internet Pluribus Packet Core [SHB] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:154:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[68], "dfs:", SN_PORT_TYPE_LEN); /* any distributed file system [JBP] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:155:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[69], "SAT-MON:", SN_PORT_TYPE_LEN); /* SATNET Monitoring [SHB] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:156:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[70], "VISA:", SN_PORT_TYPE_LEN); /* VISA Protocol [GXT1] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:157:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[71], "IPCV:", SN_PORT_TYPE_LEN); /* Internet Packet Core Utility [SHB] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:158:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[72], "CPNX:", SN_PORT_TYPE_LEN); /* Computer Protocol Network Executive [DXM2] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:159:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[73], "CPHB:", SN_PORT_TYPE_LEN); /* Computer Protocol Heart Beat [DXM2] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:160:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[74], "WSN:", SN_PORT_TYPE_LEN); /* Wang Span Network [VXD] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:161:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[75], "PVP:", SN_PORT_TYPE_LEN); /* Packet Video Protocol [SC3] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:162:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[76], "BR-SAT-MON:", SN_PORT_TYPE_LEN); /* Backroom SATNET Monitoring [SHB] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:163:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[77], "SUN-ND:", SN_PORT_TYPE_LEN); /* SUN ND PROTOCOL-Temporary [WM3] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:164:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[78], "WB-MON:", SN_PORT_TYPE_LEN); /* WIDEBAND Monitoring [SHB] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:165:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[79], "WB-EXPAK:", SN_PORT_TYPE_LEN); /* WIDEBAND EXPAK [SHB] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:166:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[80], "ISO-IP:", SN_PORT_TYPE_LEN); /* ISO Internet Protocol [MTR] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:167:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[81], "VMTP:", SN_PORT_TYPE_LEN); /* VMTP [DRC3] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:168:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[82], "SECURE-VMTP:", SN_PORT_TYPE_LEN); /* SECURE-VMTP [DRC3] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:169:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[83], "VINES:", SN_PORT_TYPE_LEN); /* VINES [BXH] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:170:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[84], "TTP:", SN_PORT_TYPE_LEN); /* TTP [JXS] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:171:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[85], "NSFNET-IGP:", SN_PORT_TYPE_LEN); /* NSFNET-IGP [HWB] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:172:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[86], "DGP:", SN_PORT_TYPE_LEN); /* Dissimilar Gateway Protocol [DGP,ML109] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:173:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[87], "TCF:", SN_PORT_TYPE_LEN); /* TCF [GAL5] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:174:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[88], "IGRP:", SN_PORT_TYPE_LEN); /* IGRP [CISCO,GXS] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:175:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[89], "OSPFIGP:", SN_PORT_TYPE_LEN); /* OSPFIGP [RFC1583,JTM4] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:176:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[90], "Sprite-RPC:", SN_PORT_TYPE_LEN); /* Sprite RPC Protocol [SPRITE,BXW] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:177:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[91], "LARP:", SN_PORT_TYPE_LEN); /* Locus Address Resolution Protocol [BXH] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:178:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[92], "MTP:", SN_PORT_TYPE_LEN); /* Multicast Transport Protocol [SXA] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:179:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[93], "AX.25:", SN_PORT_TYPE_LEN); /* AX.25 Frames [BK29] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:180:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[94], "IPIP:", SN_PORT_TYPE_LEN); /* IP-within-IP Encapsulation Protocol [JI6] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:181:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[95], "MICP:", SN_PORT_TYPE_LEN); /* Mobile Internetworking Control Pro. [JI6] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:182:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[96], "SCC-SP:", SN_PORT_TYPE_LEN); /* Semaphore Communications Sec. Pro. [HXH] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:183:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[97], "ETHERIP:", SN_PORT_TYPE_LEN); /* Ethernet-within-IP Encapsulation [RXH1] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:184:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[98], "ENCAP:", SN_PORT_TYPE_LEN); /* Encapsulation Header [RFC1241,RXB3] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:185:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[99], "encrypt:", SN_PORT_TYPE_LEN); /* any private encryption scheme [JBP] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:186:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[100], "GMTP:", SN_PORT_TYPE_LEN); /* GMTP [RXB5] */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:206:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x00], "Null:", SN_PORT_TYPE_LEN); /* Null LSAP */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:207:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x01], "Null grp:", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:208:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x02], "LLC Mgt:", SN_PORT_TYPE_LEN); /* Individual LLC Sublayer Mgmt Function */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:209:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x03], "LLCgMgt:", SN_PORT_TYPE_LEN); /* Group LLC Sublayer Mgmt Function */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:210:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x06], "IP:", SN_PORT_TYPE_LEN); /* ARPANET Internet Protocol (IP) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:211:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x07], "IP grp:", SN_PORT_TYPE_LEN); /* ARPANET Internet Protocol (IP) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:212:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x0E], "PROWAY Mgt:", SN_PORT_TYPE_LEN); /* PROWAY (IEC955) Network Mgmt & Initialization */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:213:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x0F], "PROWAYgMgt:", SN_PORT_TYPE_LEN); /* PROWAY (IEC955) Network Mgmt & Initialization */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:214:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x42], "SpanTree:", SN_PORT_TYPE_LEN); /* IEEE 802.1 Bridge Spanning Tree Protocol */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:215:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x43], "SpanT grp:", SN_PORT_TYPE_LEN); /* IEEE 802.1 Bridge Spanning Tree Protocol */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:216:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x4E], "ManMsg:", SN_PORT_TYPE_LEN); /* EIA RS-511 Manufacturing Message Service */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:217:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x4F], "ManMsg grp:", SN_PORT_TYPE_LEN); /* EIA RS-511 Manufacturing Message Service */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:218:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x7E], "X.25:", SN_PORT_TYPE_LEN); /* ISO 8208 (X.25 over IEEE 802.2 Type 2 LLC) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:219:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x7F], "X.25 grp:", SN_PORT_TYPE_LEN); /* ISO 8208 (X.25 over IEEE 802.2 Type 2 LLC) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:220:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x8E], "POWAY Stn:", SN_PORT_TYPE_LEN); /* PROWAY (IEC955) Active Station List Maintenance */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:221:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x8F], "POWAYgStn:", SN_PORT_TYPE_LEN); /* PROWAY (IEC955) Active Station List Maintenance */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:222:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xAA], "SNAP:", SN_PORT_TYPE_LEN); /* Sub-Network Access Protocol (SNAP) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:223:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xAB], "SNAP grp:", SN_PORT_TYPE_LEN); /* Sub-Network Access Protocol (SNAP) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:224:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xFE], "ISO Net:", SN_PORT_TYPE_LEN); /* ISO Network Layer Protocol */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:225:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xFF], "Global:", SN_PORT_TYPE_LEN); /* Global LSAP */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:228:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x04], "SNA:", SN_PORT_TYPE_LEN); /* IBM SNA Path Control (individual) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:229:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x05], "SNA grp:", SN_PORT_TYPE_LEN); /* IBM SNA Path Control (group) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:230:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x18], "TI:", SN_PORT_TYPE_LEN); /* Texas Instruments */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:231:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x19], "TI grp:", SN_PORT_TYPE_LEN); /* Texas Instruments */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:232:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x80], "XNS:", SN_PORT_TYPE_LEN); /* Xerox Network Systems (XNS) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:233:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x81], "XNS grp:", SN_PORT_TYPE_LEN); /* Xerox Network Systems (XNS) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:234:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x86], "Nestar:", SN_PORT_TYPE_LEN); /* Nestar */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:235:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x87], "Nestar grp:", SN_PORT_TYPE_LEN); /* Nestar */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:236:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x98], "ARP:", SN_PORT_TYPE_LEN); /* ARPANET Address Resolution Protocol (ARP) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:237:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x99], "ARP grp:", SN_PORT_TYPE_LEN); /* ARPANET Address Resolution Protocol (ARP) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:238:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xBC], "VINES:", SN_PORT_TYPE_LEN); /* Banyan VINES */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:239:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xBD], "VINES grp:", SN_PORT_TYPE_LEN); /* Banyan VINES */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:240:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xE0], "NetWare:", SN_PORT_TYPE_LEN); /* Novell Netware */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:241:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xE1], "NetW grp:", SN_PORT_TYPE_LEN); /* Novell Netware */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:242:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xF0], "NetBIOS:", SN_PORT_TYPE_LEN); /* IBM NetBIOS */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:243:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xF1], "NetB grp:", SN_PORT_TYPE_LEN); /* IBM NetBIOS */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:244:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xF4], "LAN Mgt:", SN_PORT_TYPE_LEN); /* IBM LAN Management (individual) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:245:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xF5], "LANgMgt:", SN_PORT_TYPE_LEN); /* IBM LAN Management (group) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:246:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xF8], "RPL:", SN_PORT_TYPE_LEN); /* IBM Remote Program Load (RPL) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:247:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xF9], "RPL grp:", SN_PORT_TYPE_LEN); /* IBM Remote Program Load (RPL) */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:248:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xFA], "UB:", SN_PORT_TYPE_LEN); /* Ungermann-Bass */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:249:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xFB], "UB grp:", SN_PORT_TYPE_LEN); /* Ungermann-Bass */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:252:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x0C], "xSNA:", SN_PORT_TYPE_LEN); /* SNA */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:253:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x0D], "xSNA grp:", SN_PORT_TYPE_LEN); /* SNA */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:254:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x10], "xNetWare:", SN_PORT_TYPE_LEN); /* Netware */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:255:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x11], "xNetW grp:", SN_PORT_TYPE_LEN); /* Netware */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:256:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xFC], "xRPL:", SN_PORT_TYPE_LEN); /* RPL */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:257:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xFD], "xRPL grp:", SN_PORT_TYPE_LEN); /* RPL */
data/netdiag-1.2/netwatch-1.3.1-2/services.c:270:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[0], "IEEE802.3", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:272:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[1], "Experimental", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:274:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[2], "XEROX PUP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:276:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[3], "PUP Addr Trans", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:278:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[4], "Nixdorf", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:280:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[5], "XEROX NS IDP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:282:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[6], "DLOG", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:284:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[7], "DLOG", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:286:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[8], "Ethernet", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:288:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[9], "X.75", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:290:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[10], "NBS", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:292:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[11], "ECMA", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:294:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[12], "Chaosnet", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:296:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[13], "X.25", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:298:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[14], "ARP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:300:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[15], "XNS Compat", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:302:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[16], "Symbolics", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:304:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[17], "Xyplex", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:306:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[18], "UB netdebug", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:308:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[19], "IEEE802.3 PUP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:310:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[20], "PUP Addr Trans", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:312:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[21], "VINES", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:314:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[22], "Berk Trailer neg", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:316:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[23], "Berk Trailer encap/IP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:318:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[24], "Valid Sys", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:320:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[25], "PCS Basic Block Protocol", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:322:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[26], "BBN Simnet", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:324:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[27], "DEC Unassigned", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:326:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[28], "DEC MOP Dump/Load", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:328:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[29], "DEC MOP Remote Console", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:330:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[30], "DEC DECNET Phase IV Route", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:332:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[31], "DEC LAT", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:334:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[32], "DEC Diag", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:336:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[33], "DEC Customer", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:338:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[34], "DEC LAVC, SCA", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:340:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[35], "DEC Unassigned", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:342:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[36], "3Com", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:344:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[37], "UB downld", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:346:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[38], "UB dia/loop", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:348:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[39], "LRT", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:350:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[40], "Proteon", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:352:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[41], "Cabletron", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:354:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[42], "Cronus VLN", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:356:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[43], "Cronus Direct", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:358:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[44], "HP Probe", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:360:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[45], "Nestar", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:362:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[46], "AT&T", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:364:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[47], "Excelan", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:366:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[48], "SGI diagnostics", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:368:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[49], "SGI net games", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:370:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[50], "SGI reserved", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:372:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[51], "SGI bounce server", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:374:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[52], "Apollo", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:376:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[53], "Tymshare", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:378:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[54], "Tigan", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:380:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[55], "RARP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:382:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[56], "Aeonic Systems", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:384:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[57], "DEC LANBridge", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:386:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[58], "DEC Unassigned", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:388:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[59], "DEC Encryption", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:390:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[60], "DEC Unassigned", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:392:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[61], "DEC LAN Monitor", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:394:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[62], "DEC Unassigned", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:396:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[63], "Planning Research", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:398:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[64], "AT&T", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:400:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[65], "AT&T", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:402:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[66], "ExperData", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:404:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[67], "Stanford V Kernel exp.", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:406:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[68], "Stanford V Kernel prod.", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:408:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[69], "Evans & Sutherland", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:410:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[70], "Little Machines", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:412:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[71], "Counterpoint", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:414:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[72], "Univ. of Mass. @ Amherst", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:416:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[73], "Univ. of Mass. @ Amherst", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:418:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[74], "Veeco Integrated Auto.", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:420:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[75], "General Dynamics", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:422:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[76], "AT&T", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:424:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[77], "Autophon", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:426:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[78], "ComDesign", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:428:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[79], "Computgraphic", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:430:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[80], "Landmark Graphics", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:432:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[81], "Matra", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:434:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[82], "Dansk Data Elektronik", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:436:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[83], "Merit Internodal", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:438:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[84], "Vitalink Communications", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:440:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[85], "Vitalink TransLAN III", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:442:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[86], "Counterpoint", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:444:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[87], "Appletalk", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:446:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[88], "Datability", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:448:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[89], "Spider Systems", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:450:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[90], "Nixdorf2", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:452:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[91], "Siemens Gammasonics", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:454:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[92], "DCA Data Exchange Cluster", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:456:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[93], "Banyan", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:458:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[94], "Banyan", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:460:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[95], "Pacer Software", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:462:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[96], "Applitek", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:464:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[97], "Intergraph", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:466:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[98], "Harris", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:468:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[99], "Taylor Instrument", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:470:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[100], "Rosemount Corporation", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:472:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[101], "SNA/Ether", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:474:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[102], "Varian Associates", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:476:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[103], "Integrated Solutions TRFS", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:478:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[104], "Allen-Bradley", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:480:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[105], "Datability", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:482:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[106], "Retix", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:484:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[107], "AppleTalk AARP (Kinetics)", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:486:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[108], "Kinetics", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:488:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[109], "Apollo", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:490:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[110], "Wellfleet", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:492:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[111], "Symbolics Private", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:494:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[112], "Hayes", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:496:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[113], "VG Laboratory Systems", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:498:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[114], "Bridge Communications", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:500:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[115], "Novell", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:502:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[116], "KTI", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:504:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[117], "Logicraft", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:506:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[118], "NCD", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:508:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[119], "Alpha Micro", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:510:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[120], "SNMP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:512:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[121], "BIIN", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:514:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[122], "BIIN", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:516:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[123], "Technically Elite Concept", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:518:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[124], "Rational", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:520:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[125], "Qualcomm", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:522:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[126], "Computer Protocol Pty", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:524:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[127], "Charles River", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:526:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[128], "Protocol Engines", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:528:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[129], "Motorola", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:530:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[130], "Qualcomm", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:532:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[131], "ARAI Bunkichi", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:534:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[132], "RAD Network Devices", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:536:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[133], "Xyplex", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:538:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[134], "Apricot", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:540:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[135], "Artisoft", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:542:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[136], "Polygon", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:544:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[137], "Comsat Labs", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:546:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[138], "SAIC", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:548:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[139], "VG Analytical", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:550:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[140], "Quantum Software", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:552:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[141], "Ascom Banking", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:554:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[142], "AdvEncrypSys", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:556:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[143], "Athena Programming", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:558:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[144], "Charles River Data System", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:560:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[145], "Inst Ind Info Tech", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:562:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[146], "Taurus Controls", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:564:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[147], "Walker Richer & Quinn", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:566:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[148], "Idea Courier", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:568:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[149], "Computer Network Tech", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:570:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[150], "Gateway Comm", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:572:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[151], "SECTRA", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:574:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[152], "Delta Controls", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:576:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[153], "ATOMIC", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:578:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[154], "Landis & Gyr Powers", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:580:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[155], "Motorola", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:582:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[156], "Invisible Software", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:584:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[157], "Loopback", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:586:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[158], "3Com(Bridge) XNS Sys Mgmt", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:588:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[159], "3Com(Bridge) TCP-IP Sys", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:590:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[160], "3Com(Bridge) loop detect", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:592:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[161], "BBN VITAL-LanBridge cache", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:595:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[SN_PROT_IEEE802_3], "IEEE802.3", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:597:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[SN_PROT_SLIP], "SLIP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:599:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[SN_PROT_PPP], "PPP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/services.c:601:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[SN_PROT_LOOP], "Loop int", SN_PORT_TYPE_LEN);
data/netdiag-1.2/netwatch-1.3.1-2/warning.c:41:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(tmpname,"~/.nw.warning",256);
data/netdiag-1.2/netwatch-1.3.1-2/warning.c:57:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(warnto,userwarn,256);
data/netdiag-1.2/statnet-3.8/if_getstats.c:50:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (bp, ifname, strlen (ifname)) == 0 && bp[strlen (ifname)] == ':')
data/netdiag-1.2/statnet-3.8/if_getstats.c:50:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (bp, ifname, strlen (ifname)) == 0 && bp[strlen (ifname)] == ':')
data/netdiag-1.2/statnet-3.8/services.c:31:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[1], "ICMP:", SN_PORT_TYPE_LEN); /* Internet Control Message [RFC792,JBP] */
data/netdiag-1.2/statnet-3.8/services.c:32:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[2], "IGMP:", SN_PORT_TYPE_LEN); /* Internet Group Management [RFC1112,JBP] */
data/netdiag-1.2/statnet-3.8/services.c:33:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[3], "GGP:", SN_PORT_TYPE_LEN); /* Gateway-to-Gateway [RFC823,MB] */
data/netdiag-1.2/statnet-3.8/services.c:34:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[4], "IP:", SN_PORT_TYPE_LEN); /* IP in IP (encasulation) [JBP] */
data/netdiag-1.2/statnet-3.8/services.c:35:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[5], "ST:", SN_PORT_TYPE_LEN); /* Stream [RFC1190,IEN119,JWF] */
data/netdiag-1.2/statnet-3.8/services.c:36:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[6], "TCP:", SN_PORT_TYPE_LEN); /* Transmission Control [RFC793,JBP] */
data/netdiag-1.2/statnet-3.8/services.c:37:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[7], "UCL:", SN_PORT_TYPE_LEN); /* UCL [PK] */
data/netdiag-1.2/statnet-3.8/services.c:38:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[8], "EGP:", SN_PORT_TYPE_LEN); /* Exterior Gateway Protocol [RFC888,DLM1] */
data/netdiag-1.2/statnet-3.8/services.c:39:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[9], "IGP:", SN_PORT_TYPE_LEN); /* any private interior gateway [JBP] */
data/netdiag-1.2/statnet-3.8/services.c:40:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[10], "BBN-RCC-MON:", SN_PORT_TYPE_LEN); /* BBN RCC Monitoring [SGC] */
data/netdiag-1.2/statnet-3.8/services.c:41:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[11], "NVP-II:", SN_PORT_TYPE_LEN); /* Network Voice Protocol [RFC741,SC3] */
data/netdiag-1.2/statnet-3.8/services.c:42:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[12], "PUP:", SN_PORT_TYPE_LEN); /* PUP [PUP,XEROX] */
data/netdiag-1.2/statnet-3.8/services.c:43:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[13], "ARGUS:", SN_PORT_TYPE_LEN); /* ARGUS [RWS4] */
data/netdiag-1.2/statnet-3.8/services.c:44:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[14], "EMCON:", SN_PORT_TYPE_LEN); /* EMCON [BN7] */
data/netdiag-1.2/statnet-3.8/services.c:45:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[15], "XNET:", SN_PORT_TYPE_LEN); /* Cross Net Debugger [IEN158,JFH2] */
data/netdiag-1.2/statnet-3.8/services.c:46:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[16], "CHAOS:", SN_PORT_TYPE_LEN); /* Chaos [NC3] */
data/netdiag-1.2/statnet-3.8/services.c:47:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[17], "UDP:", SN_PORT_TYPE_LEN); /* User Datagram [RFC768,JBP] */
data/netdiag-1.2/statnet-3.8/services.c:48:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[18], "MUX:", SN_PORT_TYPE_LEN); /* Multiplexing [IEN90,JBP] */
data/netdiag-1.2/statnet-3.8/services.c:49:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[19], "DCN-MEAS:", SN_PORT_TYPE_LEN); /* DCN Measurement Subsystems [DLM1] */
data/netdiag-1.2/statnet-3.8/services.c:50:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[20], "HMP:", SN_PORT_TYPE_LEN); /* Host Monitoring [RFC869,RH6] */
data/netdiag-1.2/statnet-3.8/services.c:51:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[21], "PRM:", SN_PORT_TYPE_LEN); /* Packet Radio Measurement [ZSU] */
data/netdiag-1.2/statnet-3.8/services.c:52:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[22], "XNS-IDP:", SN_PORT_TYPE_LEN); /* XEROX NS IDP [ETHERNET,XEROX] */
data/netdiag-1.2/statnet-3.8/services.c:53:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[23], "TRUNK-1:", SN_PORT_TYPE_LEN); /* Trunk-1 [BWB6] */
data/netdiag-1.2/statnet-3.8/services.c:54:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[24], "TRUNK-2:", SN_PORT_TYPE_LEN); /* Trunk-2 [BWB6] */
data/netdiag-1.2/statnet-3.8/services.c:55:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[25], "LEAF-1:", SN_PORT_TYPE_LEN); /* Leaf-1 [BWB6] */
data/netdiag-1.2/statnet-3.8/services.c:56:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[26], "LEAF-2:", SN_PORT_TYPE_LEN); /* Leaf-2 [BWB6] */
data/netdiag-1.2/statnet-3.8/services.c:57:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[27], "RDP:", SN_PORT_TYPE_LEN); /* Reliable Data Protocol [RFC908,RH6] */
data/netdiag-1.2/statnet-3.8/services.c:58:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[28], "IRTP:", SN_PORT_TYPE_LEN); /* Internet Reliable Transaction [RFC938,TXM] */
data/netdiag-1.2/statnet-3.8/services.c:59:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[29], "ISO-TP4:", SN_PORT_TYPE_LEN); /* ISO Transport Protocol Class 4 [RFC905,RC77] */
data/netdiag-1.2/statnet-3.8/services.c:60:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[30], "NETBLT:", SN_PORT_TYPE_LEN); /* Bulk Data Transfer Protocol [RFC969,DDC1] */
data/netdiag-1.2/statnet-3.8/services.c:61:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[31], "MFE-NSP:", SN_PORT_TYPE_LEN); /* MFE Network Services Protocol [MFENET,BCH2] */
data/netdiag-1.2/statnet-3.8/services.c:62:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[32], "MERIT-INP:", SN_PORT_TYPE_LEN); /* MERIT Internodal Protocol [HWB] */
data/netdiag-1.2/statnet-3.8/services.c:63:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[33], "SEP:", SN_PORT_TYPE_LEN); /* Sequential Exchange Protocol [JC120] */
data/netdiag-1.2/statnet-3.8/services.c:64:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[34], "PC:", SN_PORT_TYPE_LEN); /* Third Party Connect Protocol [SAF3] */
data/netdiag-1.2/statnet-3.8/services.c:65:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[35], "IDPR:", SN_PORT_TYPE_LEN); /* Inter-Domain Policy Routing Protocol [MXS1] */
data/netdiag-1.2/statnet-3.8/services.c:66:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[36], "XTP:", SN_PORT_TYPE_LEN); /* XTP [GXC] */
data/netdiag-1.2/statnet-3.8/services.c:67:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[37], "DDP:", SN_PORT_TYPE_LEN); /* Datagram Delivery Protocol [WXC] */
data/netdiag-1.2/statnet-3.8/services.c:68:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[38], "IDPR-CMTP:", SN_PORT_TYPE_LEN); /* IDPR Control Message Transport Proto [MXS1] */
data/netdiag-1.2/statnet-3.8/services.c:69:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[39], "TP++:", SN_PORT_TYPE_LEN); /* TP++ Transport Protocol [DXF] */
data/netdiag-1.2/statnet-3.8/services.c:70:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[40], "IL:", SN_PORT_TYPE_LEN); /* IL Transport Protocol [DXP2] */
data/netdiag-1.2/statnet-3.8/services.c:71:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[41], "SIP:", SN_PORT_TYPE_LEN); /* Simple Internet Protocol [SXD] */
data/netdiag-1.2/statnet-3.8/services.c:72:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[42], "SDRP:", SN_PORT_TYPE_LEN); /* Source Demand Routing Protocol [DXE1] */
data/netdiag-1.2/statnet-3.8/services.c:73:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[43], "SIP-SR:", SN_PORT_TYPE_LEN); /* SIP Source Route [SXD] */
data/netdiag-1.2/statnet-3.8/services.c:74:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[44], "SIP-FRAG:", SN_PORT_TYPE_LEN); /* SIP Fragment [SXD] */
data/netdiag-1.2/statnet-3.8/services.c:75:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[45], "IDRP:", SN_PORT_TYPE_LEN); /* Inter-Domain Routing Protocol [Sue Hares] */
data/netdiag-1.2/statnet-3.8/services.c:76:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[46], "RSVP:", SN_PORT_TYPE_LEN); /* Reservation Protocol [Bob Braden] */
data/netdiag-1.2/statnet-3.8/services.c:77:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[47], "GRE:", SN_PORT_TYPE_LEN); /* General Routing Encapsulation [Tony Li] */
data/netdiag-1.2/statnet-3.8/services.c:78:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[48], "MHRP:", SN_PORT_TYPE_LEN); /* Mobile Host Routing Protocol[David Johnson] */
data/netdiag-1.2/statnet-3.8/services.c:79:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[49], "BNA:", SN_PORT_TYPE_LEN); /* BNA [Gary Salamon] */
data/netdiag-1.2/statnet-3.8/services.c:80:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[50], "SIPP-ESP:", SN_PORT_TYPE_LEN); /* SIPP Encap Security Payload [Steve Deering] */
data/netdiag-1.2/statnet-3.8/services.c:81:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[51], "SIPP-AH:", SN_PORT_TYPE_LEN); /* SIPP Authentication Header [Steve Deering] */
data/netdiag-1.2/statnet-3.8/services.c:82:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[52], "I-NLSP:", SN_PORT_TYPE_LEN); /* Integrated Net Layer Security TUBA [GLENN] */
data/netdiag-1.2/statnet-3.8/services.c:83:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[53], "SWIPE:", SN_PORT_TYPE_LEN); /* IP with Encryption [JI6] */
data/netdiag-1.2/statnet-3.8/services.c:84:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[54], "NHRP:", SN_PORT_TYPE_LEN); /* NBMA Next Hop Resolution Protocol */
data/netdiag-1.2/statnet-3.8/services.c:85:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[61], "anyhost:", SN_PORT_TYPE_LEN); /* any host internal protocol [JBP] */
data/netdiag-1.2/statnet-3.8/services.c:86:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[62], "CFTP:", SN_PORT_TYPE_LEN); /* CFTP [CFTP,HCF2] */
data/netdiag-1.2/statnet-3.8/services.c:87:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[63], "anylan:", SN_PORT_TYPE_LEN); /* any local network [JBP] */
data/netdiag-1.2/statnet-3.8/services.c:88:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[64], "SAT-EXPAK:", SN_PORT_TYPE_LEN); /* SATNET and Backroom EXPAK [SHB] */
data/netdiag-1.2/statnet-3.8/services.c:89:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[65], "KRYPTOLAN:", SN_PORT_TYPE_LEN); /* Kryptolan [PXL1] */
data/netdiag-1.2/statnet-3.8/services.c:90:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[66], "RVD:", SN_PORT_TYPE_LEN); /* MIT Remote Virtual Disk Protocol [MBG] */
data/netdiag-1.2/statnet-3.8/services.c:91:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[67], "IPPC:", SN_PORT_TYPE_LEN); /* Internet Pluribus Packet Core [SHB] */
data/netdiag-1.2/statnet-3.8/services.c:92:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[68], "dfs:", SN_PORT_TYPE_LEN); /* any distributed file system [JBP] */
data/netdiag-1.2/statnet-3.8/services.c:93:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[69], "SAT-MON:", SN_PORT_TYPE_LEN); /* SATNET Monitoring [SHB] */
data/netdiag-1.2/statnet-3.8/services.c:94:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[70], "VISA:", SN_PORT_TYPE_LEN); /* VISA Protocol [GXT1] */
data/netdiag-1.2/statnet-3.8/services.c:95:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[71], "IPCV:", SN_PORT_TYPE_LEN); /* Internet Packet Core Utility [SHB] */
data/netdiag-1.2/statnet-3.8/services.c:96:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[72], "CPNX:", SN_PORT_TYPE_LEN); /* Computer Protocol Network Executive [DXM2] */
data/netdiag-1.2/statnet-3.8/services.c:97:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[73], "CPHB:", SN_PORT_TYPE_LEN); /* Computer Protocol Heart Beat [DXM2] */
data/netdiag-1.2/statnet-3.8/services.c:98:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[74], "WSN:", SN_PORT_TYPE_LEN); /* Wang Span Network [VXD] */
data/netdiag-1.2/statnet-3.8/services.c:99:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[75], "PVP:", SN_PORT_TYPE_LEN); /* Packet Video Protocol [SC3] */
data/netdiag-1.2/statnet-3.8/services.c:100:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[76], "BR-SAT-MON:", SN_PORT_TYPE_LEN); /* Backroom SATNET Monitoring [SHB] */
data/netdiag-1.2/statnet-3.8/services.c:101:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[77], "SUN-ND:", SN_PORT_TYPE_LEN); /* SUN ND PROTOCOL-Temporary [WM3] */
data/netdiag-1.2/statnet-3.8/services.c:102:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[78], "WB-MON:", SN_PORT_TYPE_LEN); /* WIDEBAND Monitoring [SHB] */
data/netdiag-1.2/statnet-3.8/services.c:103:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[79], "WB-EXPAK:", SN_PORT_TYPE_LEN); /* WIDEBAND EXPAK [SHB] */
data/netdiag-1.2/statnet-3.8/services.c:104:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[80], "ISO-IP:", SN_PORT_TYPE_LEN); /* ISO Internet Protocol [MTR] */
data/netdiag-1.2/statnet-3.8/services.c:105:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[81], "VMTP:", SN_PORT_TYPE_LEN); /* VMTP [DRC3] */
data/netdiag-1.2/statnet-3.8/services.c:106:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[82], "SECURE-VMTP:", SN_PORT_TYPE_LEN); /* SECURE-VMTP [DRC3] */
data/netdiag-1.2/statnet-3.8/services.c:107:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[83], "VINES:", SN_PORT_TYPE_LEN); /* VINES [BXH] */
data/netdiag-1.2/statnet-3.8/services.c:108:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[84], "TTP:", SN_PORT_TYPE_LEN); /* TTP [JXS] */
data/netdiag-1.2/statnet-3.8/services.c:109:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[85], "NSFNET-IGP:", SN_PORT_TYPE_LEN); /* NSFNET-IGP [HWB] */
data/netdiag-1.2/statnet-3.8/services.c:110:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[86], "DGP:", SN_PORT_TYPE_LEN); /* Dissimilar Gateway Protocol [DGP,ML109] */
data/netdiag-1.2/statnet-3.8/services.c:111:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[87], "TCF:", SN_PORT_TYPE_LEN); /* TCF [GAL5] */
data/netdiag-1.2/statnet-3.8/services.c:112:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[88], "IGRP:", SN_PORT_TYPE_LEN); /* IGRP [CISCO,GXS] */
data/netdiag-1.2/statnet-3.8/services.c:113:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[89], "OSPFIGP:", SN_PORT_TYPE_LEN); /* OSPFIGP [RFC1583,JTM4] */
data/netdiag-1.2/statnet-3.8/services.c:114:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[90], "Sprite-RPC:", SN_PORT_TYPE_LEN); /* Sprite RPC Protocol [SPRITE,BXW] */
data/netdiag-1.2/statnet-3.8/services.c:115:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[91], "LARP:", SN_PORT_TYPE_LEN); /* Locus Address Resolution Protocol [BXH] */
data/netdiag-1.2/statnet-3.8/services.c:116:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[92], "MTP:", SN_PORT_TYPE_LEN); /* Multicast Transport Protocol [SXA] */
data/netdiag-1.2/statnet-3.8/services.c:117:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[93], "AX.25:", SN_PORT_TYPE_LEN); /* AX.25 Frames [BK29] */
data/netdiag-1.2/statnet-3.8/services.c:118:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[94], "IPIP:", SN_PORT_TYPE_LEN); /* IP-within-IP Encapsulation Protocol [JI6] */
data/netdiag-1.2/statnet-3.8/services.c:119:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[95], "MICP:", SN_PORT_TYPE_LEN); /* Mobile Internetworking Control Pro. [JI6] */
data/netdiag-1.2/statnet-3.8/services.c:120:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[96], "SCC-SP:", SN_PORT_TYPE_LEN); /* Semaphore Communications Sec. Pro. [HXH] */
data/netdiag-1.2/statnet-3.8/services.c:121:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[97], "ETHERIP:", SN_PORT_TYPE_LEN); /* Ethernet-within-IP Encapsulation [RXH1] */
data/netdiag-1.2/statnet-3.8/services.c:122:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[98], "ENCAP:", SN_PORT_TYPE_LEN); /* Encapsulation Header [RFC1241,RXB3] */
data/netdiag-1.2/statnet-3.8/services.c:123:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[99], "encrypt:", SN_PORT_TYPE_LEN); /* any private encryption scheme [JBP] */
data/netdiag-1.2/statnet-3.8/services.c:124:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (ip_protocol_types[100], "GMTP:", SN_PORT_TYPE_LEN); /* GMTP [RXB5] */
data/netdiag-1.2/statnet-3.8/services.c:142:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (tcp_port_types[6000 - 6063], "x11:", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:157:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (tcp_port_types[0], "fragment ", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:164:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (udp_port_types[0], "fragment ", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:183:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x00], "Null:", SN_PORT_TYPE_LEN); /* Null LSAP */
data/netdiag-1.2/statnet-3.8/services.c:184:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x01], "Null grp:", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:185:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x02], "LLC Mgt:", SN_PORT_TYPE_LEN); /* Individual LLC Sublayer Mgmt Function */
data/netdiag-1.2/statnet-3.8/services.c:186:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x03], "LLCgMgt:", SN_PORT_TYPE_LEN); /* Group LLC Sublayer Mgmt Function */
data/netdiag-1.2/statnet-3.8/services.c:187:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x06], "IP:", SN_PORT_TYPE_LEN); /* ARPANET Internet Protocol (IP) */
data/netdiag-1.2/statnet-3.8/services.c:188:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x07], "IP grp:", SN_PORT_TYPE_LEN); /* ARPANET Internet Protocol (IP) */
data/netdiag-1.2/statnet-3.8/services.c:189:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x0E], "PROWAY Mgt:", SN_PORT_TYPE_LEN); /* PROWAY (IEC955) Network Mgmt & Initialization */
data/netdiag-1.2/statnet-3.8/services.c:190:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x0F], "PROWAYgMgt:", SN_PORT_TYPE_LEN); /* PROWAY (IEC955) Network Mgmt & Initialization */
data/netdiag-1.2/statnet-3.8/services.c:191:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x42], "SpanTree:", SN_PORT_TYPE_LEN); /* IEEE 802.1 Bridge Spanning Tree Protocol */
data/netdiag-1.2/statnet-3.8/services.c:192:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x43], "SpanT grp:", SN_PORT_TYPE_LEN); /* IEEE 802.1 Bridge Spanning Tree Protocol */
data/netdiag-1.2/statnet-3.8/services.c:193:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x4E], "ManMsg:", SN_PORT_TYPE_LEN); /* EIA RS-511 Manufacturing Message Service */
data/netdiag-1.2/statnet-3.8/services.c:194:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x4F], "ManMsg grp:", SN_PORT_TYPE_LEN); /* EIA RS-511 Manufacturing Message Service */
data/netdiag-1.2/statnet-3.8/services.c:195:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x7E], "X.25:", SN_PORT_TYPE_LEN); /* ISO 8208 (X.25 over IEEE 802.2 Type 2 LLC) */
data/netdiag-1.2/statnet-3.8/services.c:196:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x7F], "X.25 grp:", SN_PORT_TYPE_LEN); /* ISO 8208 (X.25 over IEEE 802.2 Type 2 LLC) */
data/netdiag-1.2/statnet-3.8/services.c:197:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x8E], "POWAY Stn:", SN_PORT_TYPE_LEN); /* PROWAY (IEC955) Active Station List Maintenance */
data/netdiag-1.2/statnet-3.8/services.c:198:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x8F], "POWAYgStn:", SN_PORT_TYPE_LEN); /* PROWAY (IEC955) Active Station List Maintenance */
data/netdiag-1.2/statnet-3.8/services.c:199:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xAA], "SNAP:", SN_PORT_TYPE_LEN); /* Sub-Network Access Protocol (SNAP) */
data/netdiag-1.2/statnet-3.8/services.c:200:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xAB], "SNAP grp:", SN_PORT_TYPE_LEN); /* Sub-Network Access Protocol (SNAP) */
data/netdiag-1.2/statnet-3.8/services.c:201:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xFE], "ISO Net:", SN_PORT_TYPE_LEN); /* ISO Network Layer Protocol */
data/netdiag-1.2/statnet-3.8/services.c:202:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xFF], "Global:", SN_PORT_TYPE_LEN); /* Global LSAP */
data/netdiag-1.2/statnet-3.8/services.c:205:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x04], "SNA:", SN_PORT_TYPE_LEN); /* IBM SNA Path Control (individual) */
data/netdiag-1.2/statnet-3.8/services.c:206:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x05], "SNA grp:", SN_PORT_TYPE_LEN); /* IBM SNA Path Control (group) */
data/netdiag-1.2/statnet-3.8/services.c:207:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x18], "TI:", SN_PORT_TYPE_LEN); /* Texas Instruments */
data/netdiag-1.2/statnet-3.8/services.c:208:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x19], "TI grp:", SN_PORT_TYPE_LEN); /* Texas Instruments */
data/netdiag-1.2/statnet-3.8/services.c:209:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x80], "XNS:", SN_PORT_TYPE_LEN); /* Xerox Network Systems (XNS) */
data/netdiag-1.2/statnet-3.8/services.c:210:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x81], "XNS grp:", SN_PORT_TYPE_LEN); /* Xerox Network Systems (XNS) */
data/netdiag-1.2/statnet-3.8/services.c:211:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x86], "Nestar:", SN_PORT_TYPE_LEN); /* Nestar */
data/netdiag-1.2/statnet-3.8/services.c:212:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x87], "Nestar grp:", SN_PORT_TYPE_LEN); /* Nestar */
data/netdiag-1.2/statnet-3.8/services.c:213:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x98], "ARP:", SN_PORT_TYPE_LEN); /* ARPANET Address Resolution Protocol (ARP) */
data/netdiag-1.2/statnet-3.8/services.c:214:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x99], "ARP grp:", SN_PORT_TYPE_LEN); /* ARPANET Address Resolution Protocol (ARP) */
data/netdiag-1.2/statnet-3.8/services.c:215:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xBC], "VINES:", SN_PORT_TYPE_LEN); /* Banyan VINES */
data/netdiag-1.2/statnet-3.8/services.c:216:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xBD], "VINES grp:", SN_PORT_TYPE_LEN); /* Banyan VINES */
data/netdiag-1.2/statnet-3.8/services.c:217:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xE0], "NetWare:", SN_PORT_TYPE_LEN); /* Novell Netware */
data/netdiag-1.2/statnet-3.8/services.c:218:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xE1], "NetW grp:", SN_PORT_TYPE_LEN); /* Novell Netware */
data/netdiag-1.2/statnet-3.8/services.c:219:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xF0], "NetBIOS:", SN_PORT_TYPE_LEN); /* IBM NetBIOS */
data/netdiag-1.2/statnet-3.8/services.c:220:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xF1], "NetB grp:", SN_PORT_TYPE_LEN); /* IBM NetBIOS */
data/netdiag-1.2/statnet-3.8/services.c:221:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xF4], "LAN Mgt:", SN_PORT_TYPE_LEN); /* IBM LAN Management (individual) */
data/netdiag-1.2/statnet-3.8/services.c:222:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xF5], "LANgMgt:", SN_PORT_TYPE_LEN); /* IBM LAN Management (group) */
data/netdiag-1.2/statnet-3.8/services.c:223:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xF8], "RPL:", SN_PORT_TYPE_LEN); /* IBM Remote Program Load (RPL) */
data/netdiag-1.2/statnet-3.8/services.c:224:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xF9], "RPL grp:", SN_PORT_TYPE_LEN); /* IBM Remote Program Load (RPL) */
data/netdiag-1.2/statnet-3.8/services.c:225:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xFA], "UB:", SN_PORT_TYPE_LEN); /* Ungermann-Bass */
data/netdiag-1.2/statnet-3.8/services.c:226:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xFB], "UB grp:", SN_PORT_TYPE_LEN); /* Ungermann-Bass */
data/netdiag-1.2/statnet-3.8/services.c:229:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x0C], "xSNA:", SN_PORT_TYPE_LEN); /* SNA */
data/netdiag-1.2/statnet-3.8/services.c:230:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x0D], "xSNA grp:", SN_PORT_TYPE_LEN); /* SNA */
data/netdiag-1.2/statnet-3.8/services.c:231:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x10], "xNetWare:", SN_PORT_TYPE_LEN); /* Netware */
data/netdiag-1.2/statnet-3.8/services.c:232:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0x11], "xNetW grp:", SN_PORT_TYPE_LEN); /* Netware */
data/netdiag-1.2/statnet-3.8/services.c:233:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xFC], "xRPL:", SN_PORT_TYPE_LEN); /* RPL */
data/netdiag-1.2/statnet-3.8/services.c:234:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (sap_port_types[0xFD], "xRPL grp:", SN_PORT_TYPE_LEN); /* RPL */
data/netdiag-1.2/statnet-3.8/services.c:247:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy (protocol_types[0], "0", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:249:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[1], "Experimental", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:251:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[2], "XEROX PUP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:253:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[3], "PUP Addr Trans", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:255:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[4], "Nixdorf", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:257:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[5], "XEROX NS IDP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:259:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[6], "DLOG", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:261:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[7], "DLOG", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:263:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[8], "Ethernet", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:265:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[9], "X.75", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:267:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[10], "NBS", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:269:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[11], "ECMA", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:271:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[12], "Chaosnet", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:273:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[13], "X.25", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:275:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[14], "ARP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:277:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[15], "XNS Compat", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:279:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[16], "Symbolics", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:281:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[17], "Xyplex", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:283:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[18], "UB netdebug", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:285:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[19], "IEEE802.3 PUP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:287:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[20], "PUP Addr Trans", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:289:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[21], "VINES", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:291:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[22], "Berk Trailer neg", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:293:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[23], "Berk Trailer encap/IP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:295:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[24], "Valid Sys", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:297:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[25], "PCS Basic Block Protocol", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:299:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[26], "BBN Simnet", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:301:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[27], "DEC Unassigned", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:303:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[28], "DEC MOP Dump/Load", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:305:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[29], "DEC MOP Remote Console", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:307:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[30], "DEC DECNET Phase IV Route", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:309:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[31], "DEC LAT", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:311:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[32], "DEC Diag", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:313:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[33], "DEC Customer", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:315:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[34], "DEC LAVC, SCA", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:317:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[35], "DEC Unassigned", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:319:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[36], "3Com", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:321:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[37], "UB downld", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:323:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[38], "UB dia/loop", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:325:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[39], "LRT", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:327:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[40], "Proteon", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:329:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[41], "Cabletron", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:331:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[42], "Cronus VLN", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:333:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[43], "Cronus Direct", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:335:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[44], "HP Probe", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:337:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[45], "Nestar", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:339:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[46], "AT&T", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:341:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[47], "Excelan", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:343:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[48], "SGI diagnostics", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:345:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[49], "SGI net games", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:347:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[50], "SGI reserved", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:349:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[51], "SGI bounce server", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:351:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[52], "Apollo", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:353:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[53], "Tymshare", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:355:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[54], "Tigan", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:357:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[55], "RARP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:359:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[56], "Aeonic Systems", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:361:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[57], "DEC LANBridge", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:363:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[58], "DEC Unassigned", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:365:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[59], "DEC Encryption", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:367:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[60], "DEC Unassigned", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:369:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[61], "DEC LAN Monitor", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:371:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[62], "DEC Unassigned", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:373:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[63], "Planning Research", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:375:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[64], "AT&T", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:377:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[65], "AT&T", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:379:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[66], "ExperData", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:381:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[67], "Stanford V Kernel exp.", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:383:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[68], "Stanford V Kernel prod.", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:385:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[69], "Evans & Sutherland", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:387:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[70], "Little Machines", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:389:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[71], "Counterpoint", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:391:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[72], "Univ. of Mass. @ Amherst", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:393:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[73], "Univ. of Mass. @ Amherst", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:395:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[74], "Veeco Integrated Auto.", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:397:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[75], "General Dynamics", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:399:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[76], "AT&T", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:401:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[77], "Autophon", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:403:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[78], "ComDesign", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:405:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[79], "Computgraphic", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:407:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[80], "Landmark Graphics", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:409:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[81], "Matra", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:411:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[82], "Dansk Data Elektronik", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:413:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[83], "Merit Internodal", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:415:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[84], "Vitalink Communications", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:417:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[85], "Vitalink TransLAN III", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:419:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[86], "Counterpoint", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:421:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[87], "Appletalk", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:423:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[88], "Datability", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:425:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[89], "Spider Systems", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:427:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[90], "Nixdorf2", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:429:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[91], "Siemens Gammasonics", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:431:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[92], "DCA Data Exchange Cluster", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:433:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[93], "Banyan", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:435:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[94], "Banyan", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:437:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[95], "Pacer Software", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:439:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[96], "Applitek", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:441:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[97], "Intergraph", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:443:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[98], "Harris", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:445:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[99], "Taylor Instrument", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:447:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[100], "Rosemount Corporation", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:449:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[101], "SNA/Ether", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:451:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[102], "Varian Associates", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:453:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[103], "Integrated Solutions TRFS", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:455:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[104], "Allen-Bradley", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:457:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[105], "Datability", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:459:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[106], "Retix", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:461:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[107], "AppleTalk AARP (Kinetics)", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:463:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[108], "Kinetics", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:465:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[109], "Apollo", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:467:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[110], "Wellfleet", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:469:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[111], "Symbolics Private", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:471:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[112], "Hayes", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:473:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[113], "VG Laboratory Systems", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:475:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[114], "Bridge Communications", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:477:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[115], "Novell", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:479:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[116], "KTI", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:481:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[117], "Logicraft", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:483:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[118], "NCD", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:485:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[119], "Alpha Micro", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:487:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[120], "SNMP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:489:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[121], "BIIN", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:491:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[122], "BIIN", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:493:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[123], "Technically Elite Concept", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:495:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[124], "Rational", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:497:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[125], "Qualcomm", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:499:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[126], "Computer Protocol Pty", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:501:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[127], "Charles River", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:503:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[128], "Protocol Engines", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:505:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[129], "Motorola", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:507:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[130], "Qualcomm", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:509:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[131], "ARAI Bunkichi", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:511:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[132], "RAD Network Devices", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:513:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[133], "Xyplex", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:515:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[134], "Apricot", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:517:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[135], "Artisoft", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:519:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[136], "Polygon", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:521:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[137], "Comsat Labs", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:523:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[138], "SAIC", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:525:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[139], "VG Analytical", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:527:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[140], "Quantum Software", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:529:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[141], "Ascom Banking", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:531:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[142], "AdvEncrypSys", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:533:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[143], "Athena Programming", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:535:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[144], "Charles River Data System", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:537:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[145], "Inst Ind Info Tech", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:539:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[146], "Taurus Controls", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:541:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[147], "Walker Richer & Quinn", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:543:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[148], "Idea Courier", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:545:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[149], "Computer Network Tech", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:547:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[150], "Gateway Comm", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:549:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[151], "SECTRA", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:551:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[152], "Delta Controls", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:553:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[153], "ATOMIC", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:555:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[154], "Landis & Gyr Powers", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:557:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[155], "Motorola", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:559:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[156], "Invisible Software", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:561:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[157], "Loopback", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:563:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[158], "3Com(Bridge) XNS Sys Mgmt", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:565:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[159], "3Com(Bridge) TCP-IP Sys", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:567:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[160], "3Com(Bridge) loop detect", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:569:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[161], "BBN VITAL-LanBridge cache", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:572:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[SN_PROT_IEEE802_3], "IEEE802.3", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:574:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[SN_PROT_SLIP], "SLIP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:576:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[SN_PROT_PPP], "PPP", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:578:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[SN_PROT_LOOP], "Loop int", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:674:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy (protocol_types[0], "0", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/services.c:676:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (protocol_types[1], "Experimental", SN_PORT_TYPE_LEN);
data/netdiag-1.2/statnet-3.8/statnet.c:463:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( COLS < 25 + min( 25, strlen( StatMem->servername ) ) )
data/netdiag-1.2/statnet-3.8/statnet.c:465:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvprintw (0, (COLS - min( 25, strlen( StatMem->servername ) )) / 2,
data/netdiag-1.2/statnet-3.8/statnet.c:470:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( ((COLS/2) + 14) > COLS - min( 25, strlen( StatMem->servername )+1 ) )
data/netdiag-1.2/statnet-3.8/statnet.c:473:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvprintw (0, (COLS - min( 25, strlen( StatMem->servername )+1 )),
data/netdiag-1.2/statnet-3.8/statnet.c:479:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvprintw (0, (COLS - min( 25, strlen( StatMem->servername )+1 )),
data/netdiag-1.2/statnet-3.8/statnetd.c:147:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( server_label, utsbuf.nodename, STATNETD_NAME_LEN );
data/netdiag-1.2/statnet-3.8/statnetd.c:205:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( server_label, utsbuf.nodename, STATNETD_NAME_LEN );
data/netdiag-1.2/statnet-3.8/statnetd.c:224:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( server_label, optarg, STATNETD_NAME_LEN );
data/netdiag-1.2/statnet-3.8/statnetd.c:241:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( interface_name, optarg, STATNETD_IFACE_LEN );
data/netdiag-1.2/statnet-3.8/statnetd.c:274:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( StatMem->servername, server_label, STATNETD_NAME_LEN );
data/netdiag-1.2/tcpblast-20011111/discard.c:57:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((bytes = read(fdin, buf, sizeof(buf))) <= 0) break;
data/netdiag-1.2/tcpblast-20011111/discard.c:73:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "Just a template for new services.\r\n", sizeof(buf));
data/netdiag-1.2/tcpblast-20011111/discard.c:74:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(fdout, buf, strlen(buf));
data/netdiag-1.2/tcpblast-20011111/discard.c:78:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((bytes = read(fdin, buf, sizeof(buf))) <= 0) break;
data/netdiag-1.2/tcpblast-20011111/discard.c:140:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fname, argv[0], sizeof(fname));
data/netdiag-1.2/tcpblast-20011111/docs/orig/pieters/discard.c:53:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((bytes = read(sock, buf, sizeof(buf))) <= 0)
data/netdiag-1.2/tcpblast-20011111/getopt.c:233:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# if (!defined __STDC__ || !__STDC__) && !defined strlen
data/netdiag-1.2/tcpblast-20011111/getopt.c:236:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extern int strlen (const char *);
data/netdiag-1.2/tcpblast-20011111/getopt.c:434:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = nonoption_flags_max_len = strlen (orig_str);
data/netdiag-1.2/tcpblast-20011111/getopt.c:662:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
== (unsigned int) strlen (p->name))
data/netdiag-1.2/tcpblast-20011111/getopt.c:686:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/netdiag-1.2/tcpblast-20011111/getopt.c:718:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/netdiag-1.2/tcpblast-20011111/getopt.c:734:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/netdiag-1.2/tcpblast-20011111/getopt.c:739:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/netdiag-1.2/tcpblast-20011111/getopt.c:850:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((unsigned int) (nameend - nextchar) == strlen (p->name))
data/netdiag-1.2/tcpblast-20011111/getopt.c:873:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/netdiag-1.2/tcpblast-20011111/getopt.c:893:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/netdiag-1.2/tcpblast-20011111/getopt.c:907:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/netdiag-1.2/tcpblast-20011111/getopt.c:911:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:366:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (errptr == NULL) || (strlen(errptr) == 0) ) return val;
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:368:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uleft = strlen(errptr);
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:371:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(errptr+uleft-strlen(unitsmth[i].unit), unitsmth[i].unit, strlen(unitsmth[i].unit))==0) {
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:371:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(errptr+uleft-strlen(unitsmth[i].unit), unitsmth[i].unit, strlen(unitsmth[i].unit))==0) {
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:373:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uleft -= strlen(unitsmth[i].unit);
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:384:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(errptr, unitmult[i].unit, strlen(unitmult[i].unit)) == 0) {
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:385:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(unitmult[i].unit) != uleft) continue;
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:387:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uleft -= strlen(unitmult[i].unit);
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:529:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fname, argv[0], sizeof(fname));
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:595:25: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case 'r': reading=1; strcpy(port,"7"); break;
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:596:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
case 'R': rate=1; srate = malloc(strlen(optarg)+1);
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:657:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(hostname, argv[optind], sizeof(hostname)-1);
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:687:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(hostname, hostname+1, strlen(hostname+1)+1);
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:695:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (pport) strncpy(port, pport, sizeof(port)-1);
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:795:24: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if (delay && !rate) usleep(delay);
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:811:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(tdiff.tv_sec*1000000 + tdiff.tv_usec);
data/netdiag-1.2/tcpblast-20011111/tcpblast.c:843:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read1=read(f, rbuff+read1, (size_t)blksize-read1);
data/netdiag-1.2/tcpspray/tcpspray.c:235:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((cnt = read(sock, buf, bytes_left)) == -1) {
data/netdiag-1.2/tcpspray/tcpspray.c:262:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((cnt = read(sock, buf, bytes_left)) == -1) {
data/netdiag-1.2/tcpspray/tcpspray.c:290:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((cnt = read(fd[0], (char *) &delta, sizeof(delta))) == -1) {
data/netdiag-1.2/tcpspray/tcpspray.c:320:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(delay);
data/netdiag-1.2/tcpspray/tcpspray.c:356:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(delay);
data/netdiag-1.2/trafshow-5.2.3/addrtoname.c:175:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(dst, cp, size);
data/netdiag-1.2/trafshow-5.2.3/colormask.c:379:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(buf, "/");
data/netdiag-1.2/trafshow-5.2.3/colormask.c:381:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(buf, ".");
data/netdiag-1.2/trafshow-5.2.3/domain_resolver.c:491:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(buf, domain, sizeof(buf));
data/netdiag-1.2/trafshow-5.2.3/getkey.c:269:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(prompt_buf, expression, sizeof(prompt_buf));
data/netdiag-1.2/trafshow-5.2.3/getkey.c:283:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(prompt_buf, search, sizeof(prompt_buf));
data/netdiag-1.2/trafshow-5.2.3/getkey.c:506:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bartop = strlen(prompter);
data/netdiag-1.2/trafshow-5.2.3/getkey.c:519:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nb = strlen(prompt_buf);
data/netdiag-1.2/trafshow-5.2.3/getkey.c:556:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(&prompt_buf[cur]) < barlen)
data/netdiag-1.2/trafshow-5.2.3/getkey.c:642:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(cut_buf);
data/netdiag-1.2/trafshow-5.2.3/getkey.c:643:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i && (buf_size - 1) - strlen(prompt_buf) >= i) {
data/netdiag-1.2/trafshow-5.2.3/help_page.c:142:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(topic);
data/netdiag-1.2/trafshow-5.2.3/help_page.c:147:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(dst + i, topic, size - i);
data/netdiag-1.2/trafshow-5.2.3/screen.c:183:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvaddstr(LINES-2, COLS/2 - strlen(buf)/2, buf);
data/netdiag-1.2/trafshow-5.2.3/session.c:468:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(sd->sock, buf, sizeof(buf));
data/netdiag-1.2/trafshow-5.2.3/session.c:472:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rest = strlen(strcpy(buf, sd->buf));
data/netdiag-1.2/trafshow-5.2.3/session.c:476:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(sd->sock, &buf[rest], (sizeof(buf)-1) - rest);
data/netdiag-1.2/trafshow-5.2.3/session.c:522:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rest = strlen(cp);
data/netdiag-1.2/trafshow-5.2.3/session.c:531:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) > MAX_STR_LEN) {
data/netdiag-1.2/trafshow-5.2.3/show_dump.c:243:15: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if (op < 1) usleep(1000); /* 1ms idle to prevent deadloop */
data/netdiag-1.2/trafshow-5.2.3/show_if.c:81:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(cp);
data/netdiag-1.2/trafshow-5.2.3/show_if.c:93:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(cp);
data/netdiag-1.2/trafshow-5.2.3/show_if.c:140:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(dst, hostname, size);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:139:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(dst, cp, size);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:178:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(&buf[1], cp, 10);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:180:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:181:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dst) + len < size)
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:198:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(dst, etheraddr_string(addr), size);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:204:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else (void)strncpy(&buf[1], llcsap_string(sap), 10);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:206:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:207:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dst) + len < size)
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:242:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else (void)strncpy(proto_buf, ipproto_string(ns->ip_proto),
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:248:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(src_buf, etheraddr_string(ns->eth_src_addr),
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:253:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(dst_buf, etheraddr_string(ns->eth_dst_addr),
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:260:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else (void)strncpy(proto_buf, ethertype_string(ns->eth_type),
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:266:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(src_buf, etheraddr_string(ns->eth_src_addr),
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:271:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(dst_buf, etheraddr_string(ns->eth_dst_addr),
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:279:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else (void)strncpy(proto_buf, llcsap_string(ns->eth_ssap),
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:293:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
(void)strncpy(proto_buf, "802.3", proto_len);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:318:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(src_buf + strlen(src_buf), "/%d", ph->masklen);
data/netdiag-1.2/trafshow-5.2.3/show_stat.c:319:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(dst_buf + strlen(dst_buf), "/%d", ph->masklen);
data/netdiag-1.2/trafshow-5.2.3/snprintf.c:224:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width -= strlen((char *)arg);
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:367:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MIN(strlen(dp->name), sizeof(ifr.ifr_name)-1));
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:371:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(cp);
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:384:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(cp);
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:496:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(buf, expr, sizeof(buf));
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:516:14: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if (!npkt) usleep(1000); /* 1ms idle to prevent deadloop */
data/netdiag-1.2/trafshow-5.2.3/trafshow.c:549:14: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if (!npkt) usleep(1000); /* 1ms idle to prevent deadloop */
data/netdiag-1.2/trafshow-5.2.3/util.c:46:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ep = bp + (strlen(bp)-1);
data/netdiag-1.2/trafshow-5.2.3/util.c:66:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (*p) len += strlen(*p++) + 1;
data/netdiag-1.2/trafshow-5.2.3/util.c:117:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((sz = read(fd, cp, sz)) < 0) {
ANALYSIS SUMMARY:
Hits = 1416
Lines analyzed = 30693 in approximately 0.97 seconds (31686 lines/second)
Physical Source Lines of Code (SLOC) = 23890
Hits@level = [0] 721 [1] 802 [2] 444 [3] 30 [4] 140 [5] 0
Hits@level+ = [0+] 2137 [1+] 1416 [2+] 614 [3+] 170 [4+] 140 [5+] 0
Hits/KSLOC@level+ = [0+] 89.4517 [1+] 59.2717 [2+] 25.7011 [3+] 7.11595 [4+] 5.86019 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.