Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/netrek-client-cow-3.3.2/socket.c
Examining data/netrek-client-cow-3.3.2/patchlevel.h
Examining data/netrek-client-cow-3.3.2/cowmain.h
Examining data/netrek-client-cow-3.3.2/short.h
Examining data/netrek-client-cow-3.3.2/mkkey.c
Examining data/netrek-client-cow-3.3.2/death.h
Examining data/netrek-client-cow-3.3.2/usleep.c
Examining data/netrek-client-cow-3.3.2/Wlib.h
Examining data/netrek-client-cow-3.3.2/rotate.h
Examining data/netrek-client-cow-3.3.2/colors.h
Examining data/netrek-client-cow-3.3.2/ranklist.c
Examining data/netrek-client-cow-3.3.2/string_util.c
Examining data/netrek-client-cow-3.3.2/setstate.c
Examining data/netrek-client-cow-3.3.2/struct.h
Examining data/netrek-client-cow-3.3.2/rotate.c
Examining data/netrek-client-cow-3.3.2/rint.c
Examining data/netrek-client-cow-3.3.2/netstatopt.h
Examining data/netrek-client-cow-3.3.2/map.c
Examining data/netrek-client-cow-3.3.2/pingstats.h
Examining data/netrek-client-cow-3.3.2/hullbitmaps.h
Examining data/netrek-client-cow-3.3.2/playback.h
Examining data/netrek-client-cow-3.3.2/macrowin.c
Examining data/netrek-client-cow-3.3.2/censor.h
Examining data/netrek-client-cow-3.3.2/warning.c
Parsing failed to find end of parameter list; semicolon terminated it in (newtext, "%.100s %02d:%02d:%02d",
(doPhaser && phaserShowStats) ? newtext : text, tm->tm_hour,
#else
sprintf(newtext, "%.100s %02d:%02d:%02d", text, tm->tm_hour,
#endif
tm->tm_mi
Examining data/netrek-client-cow-3.3.2/cowapi.h
Examining data/netrek-client-cow-3.3.2/short.c
Examining data/netrek-client-cow-3.3.2/bitmaps.h
Examining data/netrek-client-cow-3.3.2/newwin.c
Examining data/netrek-client-cow-3.3.2/getship.h
Examining data/netrek-client-cow-3.3.2/mkcflags.c
Examining data/netrek-client-cow-3.3.2/camera.c
Examining data/netrek-client-cow-3.3.2/spopt.h
Examining data/netrek-client-cow-3.3.2/sound.h
Examining data/netrek-client-cow-3.3.2/spopt.c
Examining data/netrek-client-cow-3.3.2/planetlist.c
Examining data/netrek-client-cow-3.3.2/pingstats.c
Examining data/netrek-client-cow-3.3.2/myf.c
Examining data/netrek-client-cow-3.3.2/sintab.c
Examining data/netrek-client-cow-3.3.2/xclrs.h
Examining data/netrek-client-cow-3.3.2/moobitmaps.h
Examining data/netrek-client-cow-3.3.2/docwin.h
Examining data/netrek-client-cow-3.3.2/util.h
Examining data/netrek-client-cow-3.3.2/myf.h
Examining data/netrek-client-cow-3.3.2/tools.c
Examining data/netrek-client-cow-3.3.2/getname.h
Examining data/netrek-client-cow-3.3.2/input.c
Examining data/netrek-client-cow-3.3.2/defs.h
Examining data/netrek-client-cow-3.3.2/option.c
Examining data/netrek-client-cow-3.3.2/getname.c
Examining data/netrek-client-cow-3.3.2/string_util.h
Examining data/netrek-client-cow-3.3.2/beeplite.h
Examining data/netrek-client-cow-3.3.2/randomize.c
Examining data/netrek-client-cow-3.3.2/udpopt.h
Examining data/netrek-client-cow-3.3.2/helpwin.h
Examining data/netrek-client-cow-3.3.2/defwin.c
Examining data/netrek-client-cow-3.3.2/distress.h
Examining data/netrek-client-cow-3.3.2/smessage.h
Examining data/netrek-client-cow-3.3.2/x11window.c
Examining data/netrek-client-cow-3.3.2/dmessage.c
Examining data/netrek-client-cow-3.3.2/ltd_stats.h
Examining data/netrek-client-cow-3.3.2/check.c
Examining data/netrek-client-cow-3.3.2/defaults.h
Examining data/netrek-client-cow-3.3.2/tngbitmaps.h
Examining data/netrek-client-cow-3.3.2/findslot.h
Examining data/netrek-client-cow-3.3.2/colors.c
Examining data/netrek-client-cow-3.3.2/data.c
Examining data/netrek-client-cow-3.3.2/strdup.c
Examining data/netrek-client-cow-3.3.2/ping.h
Examining data/netrek-client-cow-3.3.2/stats.h
Examining data/netrek-client-cow-3.3.2/map.h
Examining data/netrek-client-cow-3.3.2/war.h
Examining data/netrek-client-cow-3.3.2/distress.c
Examining data/netrek-client-cow-3.3.2/enter.h
Examining data/netrek-client-cow-3.3.2/senddist.c
Examining data/netrek-client-cow-3.3.2/newwin.h
Examining data/netrek-client-cow-3.3.2/parsemeta.c
Examining data/netrek-client-cow-3.3.2/macrowin.h
Examining data/netrek-client-cow-3.3.2/interface.h
Examining data/netrek-client-cow-3.3.2/inform.c
Examining data/netrek-client-cow-3.3.2/reserved.h
Examining data/netrek-client-cow-3.3.2/data.h
Examining data/netrek-client-cow-3.3.2/defwin.h
Examining data/netrek-client-cow-3.3.2/name.c
Examining data/netrek-client-cow-3.3.2/copyright2.h
Examining data/netrek-client-cow-3.3.2/defaults.c
Examining data/netrek-client-cow-3.3.2/redraw.h
Examining data/netrek-client-cow-3.3.2/oldbitmaps.h
Examining data/netrek-client-cow-3.3.2/sound.c
Examining data/netrek-client-cow-3.3.2/getship.c
Examining data/netrek-client-cow-3.3.2/feature.h
Examining data/netrek-client-cow-3.3.2/wtext.h
Examining data/netrek-client-cow-3.3.2/x11window.h
Examining data/netrek-client-cow-3.3.2/stats.c
Examining data/netrek-client-cow-3.3.2/local.h
Examining data/netrek-client-cow-3.3.2/netstatopt.c
Examining data/netrek-client-cow-3.3.2/warning.h
Examining data/netrek-client-cow-3.3.2/badversion.h
Examining data/netrek-client-cow-3.3.2/helpwin.c
Examining data/netrek-client-cow-3.3.2/x11sprite.c
Examining data/netrek-client-cow-3.3.2/socket.h
Examining data/netrek-client-cow-3.3.2/copyright.h
Examining data/netrek-client-cow-3.3.2/senddist.h
Examining data/netrek-client-cow-3.3.2/redraw.c
Examining data/netrek-client-cow-3.3.2/tools.h
Examining data/netrek-client-cow-3.3.2/version.h
Examining data/netrek-client-cow-3.3.2/smessage.c
Examining data/netrek-client-cow-3.3.2/packets.h
Examining data/netrek-client-cow-3.3.2/audio.h
Examining data/netrek-client-cow-3.3.2/camera.h
Examining data/netrek-client-cow-3.3.2/dashboard3.c
Examining data/netrek-client-cow-3.3.2/playback.c
Examining data/netrek-client-cow-3.3.2/option.h
Examining data/netrek-client-cow-3.3.2/input.h
Examining data/netrek-client-cow-3.3.2/random.c
Examining data/netrek-client-cow-3.3.2/ping.c
Examining data/netrek-client-cow-3.3.2/audio.c
Examining data/netrek-client-cow-3.3.2/dashboard.c
Examining data/netrek-client-cow-3.3.2/death.c
Examining data/netrek-client-cow-3.3.2/udpopt.c
Examining data/netrek-client-cow-3.3.2/interface.c
Examining data/netrek-client-cow-3.3.2/enter.c
Examining data/netrek-client-cow-3.3.2/playerlist.h
Examining data/netrek-client-cow-3.3.2/reserved.c
Examining data/netrek-client-cow-3.3.2/check.h
Examining data/netrek-client-cow-3.3.2/netstat.c
Examining data/netrek-client-cow-3.3.2/rabbitbitmaps.h
Examining data/netrek-client-cow-3.3.2/feature.c
Examining data/netrek-client-cow-3.3.2/dmessage.h
Examining data/netrek-client-cow-3.3.2/beeplite.c
Examining data/netrek-client-cow-3.3.2/findslot.c
Examining data/netrek-client-cow-3.3.2/inform.h
Examining data/netrek-client-cow-3.3.2/netstat.h
Examining data/netrek-client-cow-3.3.2/util.c
Examining data/netrek-client-cow-3.3.2/playerlist.c
Examining data/netrek-client-cow-3.3.2/local.c
Examining data/netrek-client-cow-3.3.2/lagmeter.h
Examining data/netrek-client-cow-3.3.2/litebitmaps.h
Examining data/netrek-client-cow-3.3.2/x11sprite.h
Examining data/netrek-client-cow-3.3.2/parsemeta.h
Examining data/netrek-client-cow-3.3.2/wsl.c
Examining data/netrek-client-cow-3.3.2/lagmeter.c
Examining data/netrek-client-cow-3.3.2/main.c
Examining data/netrek-client-cow-3.3.2/censor.c
Examining data/netrek-client-cow-3.3.2/docwin.c
Examining data/netrek-client-cow-3.3.2/war.c
Examining data/netrek-client-cow-3.3.2/dashboard.h
Examining data/netrek-client-cow-3.3.2/cowmain.c
FINAL RESULTS:
data/netrek-client-cow-3.3.2/distress.c:579:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(cry, buf3, MSG_LEN - 1);
data/netrek-client-cow-3.3.2/audio.c:96:7: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(sound_player, argv);
data/netrek-client-cow-3.3.2/audio.c:125:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(shared_data->name, name);
data/netrek-client-cow-3.3.2/cowmain.c:384:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(homedot, SERVER_FILE);
data/netrek-client-cow-3.3.2/cowmain.c:438:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gateway, buf);
data/netrek-client-cow-3.3.2/cowmain.c:654:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(defaulttmp, "port.%s", server);
data/netrek-client-cow-3.3.2/cowmain.c:659:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(defaulttmp, "server.%s", server); /* check for "abbreviation" */
data/netrek-client-cow-3.3.2/cowmain.c:944:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Welcome aboard %s!", ranks[me->p_stats.st_rank].name);
data/netrek-client-cow-3.3.2/death.c:98:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(deathmessage, "Congratulations, you were promoted to %s",
data/netrek-client-cow-3.3.2/death.c:131:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(deathmessage,
data/netrek-client-cow-3.3.2/death.c:138:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(deathmessage,
data/netrek-client-cow-3.3.2/death.c:145:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(deathmessage,
data/netrek-client-cow-3.3.2/death.c:152:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(deathmessage, "You were killed by planetary fire from %s (%c)",
data/netrek-client-cow-3.3.2/death.c:157:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(deathmessage, "You were killed by the explosion of %s (%c%c)",
data/netrek-client-cow-3.3.2/death.c:166:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(deathmessage, "Galaxy has been conquered by %s (%c%c) %s",
data/netrek-client-cow-3.3.2/death.c:179:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(deathmessage, "You were GENOCIDED by %s (%c%c) %s. You suck!",
data/netrek-client-cow-3.3.2/defaults.c:587:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "useRSA.%s", serverName);
data/netrek-client-cow-3.3.2/defaults.c:777:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, shipdefaults[i].name);
data/netrek-client-cow-3.3.2/defaults.c:784:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, shipdefaults[i].name);
data/netrek-client-cow-3.3.2/defaults.c:791:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, shipdefaults[i].name);
data/netrek-client-cow-3.3.2/defaults.c:798:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, shipdefaults[i].name);
data/netrek-client-cow-3.3.2/defaults.c:833:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
accessible = access(found, R_OK); \
data/netrek-client-cow-3.3.2/defaults.c:841:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
accessible = access(found, R_OK); \
data/netrek-client-cow-3.3.2/defaults.c:857:16: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
accessible = access(fname, R_OK);
data/netrek-client-cow-3.3.2/defaults.c:860:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(found, fname);
data/netrek-client-cow-3.3.2/defaults.c:877:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(found, "%s%s", home, fname);
data/netrek-client-cow-3.3.2/defaults.c:879:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(found, "%s/%s", home, fname);
data/netrek-client-cow-3.3.2/defaults.c:891:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(found, "%s%s", home, fname);
data/netrek-client-cow-3.3.2/defaults.c:893:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(found, "%s/%s", home, fname);
data/netrek-client-cow-3.3.2/defs.h:315:65: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define UDPDIAG(x) { if (udpDebug == 2) { printf("UDP: "); printf x; }}
data/netrek-client-cow-3.3.2/distress.c:93:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define warning(x) fprintf(stderr,x)
data/netrek-client-cow-3.3.2/dmessage.c:281:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(client_ver, "@netrek-client-cow %s.%d", mvers, PATCHLEVEL);
data/netrek-client-cow-3.3.2/docwin.c:180:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp->data, line);
data/netrek-client-cow-3.3.2/docwin.c:334:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp->data, line);
data/netrek-client-cow-3.3.2/feature.c:135:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s: %s(%d)", &packet->name[0],
data/netrek-client-cow-3.3.2/findslot.c:53:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "You are on the queue at %s, please wait.", serverName);
data/netrek-client-cow-3.3.2/findslot.c:79:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Q%d @ %s", count, serverName);
data/netrek-client-cow-3.3.2/inform.c:83:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "%s (%c%c)", j->p_name, teamlet[j->p_team], shipnos[j->p_no]);
data/netrek-client-cow-3.3.2/inform.c:92:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "Ship Type: %-s", my_classes[j->p_ship.s_type]);
data/netrek-client-cow-3.3.2/inform.c:105:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "%s@%s", j->p_login, j->p_monitor);
data/netrek-client-cow-3.3.2/inform.c:120:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "%s (%c%c):", j->p_name, teamlet[j->p_team], shipnos[j->p_no]);
data/netrek-client-cow-3.3.2/inform.c:122:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "Login %-s", j->p_login);
data/netrek-client-cow-3.3.2/inform.c:125:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "Display %-s", j->p_monitor);
data/netrek-client-cow-3.3.2/inform.c:132:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Bombing: %s %5d",
data/netrek-client-cow-3.3.2/inform.c:138:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Planets: %s %5d",
data/netrek-client-cow-3.3.2/inform.c:156:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Offense: %s %5d",
data/netrek-client-cow-3.3.2/inform.c:175:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Defense: %s %5d",
data/netrek-client-cow-3.3.2/inform.c:225:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "%s (%c)", k->pl_name, teamlet[k->pl_owner]);
data/netrek-client-cow-3.3.2/inform.c:231:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "%s %s %s %s %c%c%c%c",
data/netrek-client-cow-3.3.2/inform.c:245:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "%s", k->pl_name);
data/netrek-client-cow-3.3.2/input.c:1654:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mbuf, "Re-reading %s", defaultsFile);
data/netrek-client-cow-3.3.2/macrowin.c:89:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(maclines[0], "%-8s %s",
data/netrek-client-cow-3.3.2/macrowin.c:119:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(macromessage, "Packages active: NBT%s%s",
data/netrek-client-cow-3.3.2/macrowin.c:126:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(macromessage, "Currently showing: %s",
data/netrek-client-cow-3.3.2/macrowin.c:206:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(macromessage, macro[i].string);
data/netrek-client-cow-3.3.2/main.c:375:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(url, upgradeURL, arch);
data/netrek-client-cow-3.3.2/main.c:379:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(url, releaseURL, mvers, PATCHLEVEL);
data/netrek-client-cow-3.3.2/main.c:383:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(url, bugURL, mvers, PATCHLEVEL, arch);
data/netrek-client-cow-3.3.2/main.c:408:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(webcall, sizeof(webcall), wwwlink, url);
data/netrek-client-cow-3.3.2/main.c:409:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(webcall) == -1)
data/netrek-client-cow-3.3.2/map.c:503:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(gu_text, buf);
data/netrek-client-cow-3.3.2/mkcflags.c:66:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pigcall, "%s.%d, %s, %s, ", version, PATCHLEVEL, arch, cdate);
data/netrek-client-cow-3.3.2/mkcflags.c:91:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (pigcall, buf);
data/netrek-client-cow-3.3.2/mkkey.c:629:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(clientsfp, sequence_header, n_shells, n_shells, n_shells, real_j);
data/netrek-client-cow-3.3.2/mkkey.c:630:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(clientsfp, rsa_box_defs);
data/netrek-client-cow-3.3.2/mkkey.c:645:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, per_box_trailer);
data/netrek-client-cow-3.3.2/mkkey.c:654:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_%d.c", clients_basename, file_no);
data/netrek-client-cow-3.3.2/mkkey.c:661:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, per_box_header, file_no);
data/netrek-client-cow-3.3.2/mkkey.c:662:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, rsa_box_defs);
data/netrek-client-cow-3.3.2/mkkey.c:740:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, sequence_trailer, real_j, n_shells);
data/netrek-client-cow-3.3.2/mkkey.c:1113:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, key_name);
data/netrek-client-cow-3.3.2/mkkey.c:1121:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s.c", clients_basename);
data/netrek-client-cow-3.3.2/mkkey.c:1152:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(clientsfp, header, KEY_SIZE, KEY_SIZE);
data/netrek-client-cow-3.3.2/mkkey.c:1204:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(clientsfp, trailer, KEY_SIZE);
data/netrek-client-cow-3.3.2/myf.c:22:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(buf, 100, fmt, args);
data/netrek-client-cow-3.3.2/netstat.c:206:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nfthresh_s, s);
data/netrek-client-cow-3.3.2/netstatopt.c:36:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sollect network stats",
data/netrek-client-cow-3.3.2/netstatopt.c:57:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Network failure threshold: %s_", ns_get_nfthresh_s());
data/netrek-client-cow-3.3.2/newwin.c:1288:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "--- %s ---", (char *) query_cowid());
data/netrek-client-cow-3.3.2/option.c:488:14: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(buf, op->op_text, op->op_string);
data/netrek-client-cow-3.3.2/option.c:492:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, op->op_array[*op->op_option]);
data/netrek-client-cow-3.3.2/option.c:496:14: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(buf, op->op_text, *(op->op_option));
data/netrek-client-cow-3.3.2/option.c:516:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, op->op_text);
data/netrek-client-cow-3.3.2/parsemeta.c:652:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cacheFileName, cacheName);
data/netrek-client-cow-3.3.2/parsemeta.c:657:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpFileName, cacheFileName);
data/netrek-client-cow-3.3.2/parsemeta.c:885:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf + strlen(buf), " %4d%s", age, units);
data/netrek-client-cow-3.3.2/parsemeta.c:890:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, sp->observer ? "Observing" : "Playing" );
data/netrek-client-cow-3.3.2/parsemeta.c:909:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, badversion_short_strings[badversion]);
data/netrek-client-cow-3.3.2/parsemeta.c:1160:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(program, args);
data/netrek-client-cow-3.3.2/planetlist.c:43:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "%-16s %3s %3d %6s %4s %4s %4s %c%c%c%c",
data/netrek-client-cow-3.3.2/planetlist.c:60:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "%-16s",
data/netrek-client-cow-3.3.2/playback.c:842:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(recordIndexFile, INDEX_FORMAT, pb_sequence_count,
data/netrek-client-cow-3.3.2/playback.c:897:16: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
while (fscanf(recordIndexFile,
data/netrek-client-cow-3.3.2/ranklist.c:93:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, buf2);
data/netrek-client-cow-3.3.2/short.c:938:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(addrbuf + 5, "%s", teamshort[me->p_team]);
data/netrek-client-cow-3.3.2/short.c:949:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%-9s%s", addrbuf, &packet->mesg);
data/netrek-client-cow-3.3.2/short.c:1372:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(phstatmsg, "%s [%d%%]", w_texts[damage],
data/netrek-client-cow-3.3.2/short.c:1396:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "Phaser burst hit %s for %d points", target->p_name, damage);
data/netrek-client-cow-3.3.2/short.c:1406:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Weapons Officer: Bombarding %s... Sensors read %d armies left.",
data/netrek-client-cow-3.3.2/short.c:1412:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s: Too few armies to beam up",
data/netrek-client-cow-3.3.2/short.c:1421:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Starbase %s: Too few armies to beam up",
data/netrek-client-cow-3.3.2/short.c:1426:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "No more armies to beam down to Starbase %s.",
data/netrek-client-cow-3.3.2/short.c:1432:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "No more armies to beam down to %s.",
data/netrek-client-cow-3.3.2/short.c:1437:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Transporter Room: Starbase %s reports all troop bunkers are full!",
data/netrek-client-cow-3.3.2/short.c:1444:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, vari_texts[(unsigned char) packet->argument],
data/netrek-client-cow-3.3.2/short.c:1450:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Beaming down. (%d/%d) %s has %d armies left",
data/netrek-client-cow-3.3.2/short.c:1462:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Transferring ground units. (%d/%d) Starbase %s has %d armies left",
data/netrek-client-cow-3.3.2/short.c:1469:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Locking onto %s", planets[(unsigned char) packet->argument].pl_name);
data/netrek-client-cow-3.3.2/short.c:1473:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "You need a rank of %s or higher to command a starbase!",
data/netrek-client-cow-3.3.2/short.c:1478:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Starbase %s refusing us docking permission captain.",
data/netrek-client-cow-3.3.2/short.c:1483:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Starbase %s: Permission to dock denied, all ports currently occupied.",
data/netrek-client-cow-3.3.2/short.c:1488:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Locking onto %s (%c%c)",
data/netrek-client-cow-3.3.2/short.c:1495:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Locking onto %s (%c%c) (docking is %s)",
data/netrek-client-cow-3.3.2/short.c:1546:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(msg.mesg, "GOD->ALL %s (%c%c) was kill %s for %s (%c%c)",
data/netrek-client-cow-3.3.2/short.c:1558:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(msg.mesg, "GOD->ALL %s (%c%c+%d armies) was kill %s for %s (%c%c)",
data/netrek-client-cow-3.3.2/short.c:1611:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(msg.mesg, "GOD->ALL %s (%c%c) killed by %s (%c)",
data/netrek-client-cow-3.3.2/short.c:1648:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "%-3s->%-3s", planets[(unsigned char) packet->argument2].pl_name, teamshort[planets[(unsigned char) packet->argument2].pl_owner]);
data/netrek-client-cow-3.3.2/short.c:1649:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf1, "We are being attacked by %s %c%c who is %d%% damaged.",
data/netrek-client-cow-3.3.2/short.c:1654:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(msg.mesg, "%s %s", buf, buf1);
data/netrek-client-cow-3.3.2/short.c:1682:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "%s destroyed by %s (%c%c)",
data/netrek-client-cow-3.3.2/short.c:1687:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf1, "%-3s->%-3s",
data/netrek-client-cow-3.3.2/short.c:1689:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(msg.mesg, "%s %s", buf1, buf);
data/netrek-client-cow-3.3.2/short.c:1717:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "%s taken over by %s (%c%c)",
data/netrek-client-cow-3.3.2/short.c:1722:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf1, "%-3s->%-3s",
data/netrek-client-cow-3.3.2/short.c:1724:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(msg.mesg, "%s %s", buf1, buf);
data/netrek-client-cow-3.3.2/short.c:1753:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(msg.mesg, "GOD->ALL %s (%c%c) was kill %0.2f for the GhostBusters",
data/netrek-client-cow-3.3.2/short.c:1779:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(msg.mesg, "GOD->ALL %s(%s) (%c%c%s) killed by %s (%c)",
data/netrek-client-cow-3.3.2/short.c:1817:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(msg.mesg, "GOD->ALL %s(%s) (%c%c) was kill %0.2f for %s(%s) (%c%c)",
data/netrek-client-cow-3.3.2/short.c:1831:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(msg.mesg, "GOD->ALL %s(%s) (%c%c+%d armies) was kill %0.2f for %s(%s) (%c%c)",
data/netrek-client-cow-3.3.2/short.c:1876:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msg.mesg, daemon_texts[(unsigned char) packet->argument]);
data/netrek-client-cow-3.3.2/short.c:1907:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s_texte[(unsigned char) warn->pad2], warn->mesg);
data/netrek-client-cow-3.3.2/short.c:1925:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(b, "%-50s %s", s, whydeadmess[m]);
data/netrek-client-cow-3.3.2/short.c:1927:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, b);
data/netrek-client-cow-3.3.2/smessage.c:147:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outmessage, addr_str);
data/netrek-client-cow-3.3.2/smessage.c:344:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(defaultsFile, str);
data/netrek-client-cow-3.3.2/smessage.c:345:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mbuf, "changing defaultsFile to %s", str);
data/netrek-client-cow-3.3.2/smessage.c:355:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newbuf, "%s %s", getaddr2(group, recip), str);
data/netrek-client-cow-3.3.2/smessage.c:461:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(&addrmesg[5], "%s", teamshort[recip]);
data/netrek-client-cow-3.3.2/socket.c:794:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(serverName, hp->h_name);
data/netrek-client-cow-3.3.2/socket.c:800:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(serverName, inet_ntoa(addr.sin_addr));
data/netrek-client-cow-3.3.2/socket.c:908:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msg.mesg + 16, host_req);
data/netrek-client-cow-3.3.2/socket.c:2080:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(packet.name, name);
data/netrek-client-cow-3.3.2/socket.c:2081:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(packet.password, pass);
data/netrek-client-cow-3.3.2/socket.c:2084:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(packet.login, login);
data/netrek-client-cow-3.3.2/socket.c:2540:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pl->p_name, packet->name);
data/netrek-client-cow-3.3.2/socket.c:2542:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pl->p_login, packet->login);
data/netrek-client-cow-3.3.2/socket.c:2715:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pl->pl_name, packet->name);
data/netrek-client-cow-3.3.2/socket.c:3632:61: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PUDPDIAG(x) { if (udpDebug) { printf("UDP: "); printf x; }}
data/netrek-client-cow-3.3.2/sound.c:806:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(name, "%s/%s", dirName, fileName);
data/netrek-client-cow-3.3.2/sound.c:1090:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sound_prefix, sounddir);
data/netrek-client-cow-3.3.2/sound.c:1094:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, sounddir);
data/netrek-client-cow-3.3.2/sound.c:1196:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, sounds[type].name);
data/netrek-client-cow-3.3.2/sound.c:1362:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(void) snprintf(buf, sizeof buf, sound_init ? "Reset audio hardware"
data/netrek-client-cow-3.3.2/sound.c:1366:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(void) snprintf(buf, sizeof buf, sound_init ? "Restart external sound player"
data/netrek-client-cow-3.3.2/spopt.c:42:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%seceive variable and short packets",
data/netrek-client-cow-3.3.2/spopt.c:46:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%seceive messages", recv_mesg ? "R" : "Don't r");
data/netrek-client-cow-3.3.2/spopt.c:49:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%seceive kill messages", recv_kmesg ? "R" : "Don't r");
data/netrek-client-cow-3.3.2/spopt.c:52:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%seceive warning messages", recv_warn ? "R" : "Don't r");
data/netrek-client-cow-3.3.2/spopt.c:55:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Receive threshold: %s_", recv_threshold_s);
data/netrek-client-cow-3.3.2/strdup.c:12:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (charptr, strptr);
data/netrek-client-cow-3.3.2/tools.c:34:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(str, "set %s %c", pipebuf, &c) == 2)
data/netrek-client-cow-3.3.2/tools.c:52:31: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (shelltools && (pipefp = popen(str, "r")) != NULL)
data/netrek-client-cow-3.3.2/udpopt.c:41:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "UDP channel is %s", (commMode == COMM_TCP) ?
data/netrek-client-cow-3.3.2/udpopt.c:71:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Sequence checking is %s", (udpSequenceChk) ?
data/netrek-client-cow-3.3.2/udpopt.c:137:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "gw: %s %d/%d/%d", gw_mach, gw_serv_port, gw_port,
data/netrek-client-cow-3.3.2/war.c:62:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, " %s%s", string, wars);
data/netrek-client-cow-3.3.2/war.c:67:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, " %s%s", string, hostiles);
data/netrek-client-cow-3.3.2/war.c:72:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, " %s%s", string, peaces);
data/netrek-client-cow-3.3.2/warning.c:36:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newtext, "%s [%2d%%]", text,
data/netrek-client-cow-3.3.2/wsl.c:55:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname2, fname);
data/netrek-client-cow-3.3.2/wsl.c:216:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newsnd->name, name);
data/netrek-client-cow-3.3.2/x11sprite.c:127:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(filename, R_OK) != 0) {
data/netrek-client-cow-3.3.2/x11sprite.c:176:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(filename, R_OK) != 0) {
data/netrek-client-cow-3.3.2/x11sprite.c:258:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/%s/%s", pixmapDir, teamnames[i], shipfiles[j]);
data/netrek-client-cow-3.3.2/x11sprite.c:274:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/%s/%s", pixmapDir, teamnames[i], torpfiles[j]);
data/netrek-client-cow-3.3.2/x11sprite.c:277:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/%s/%s", pixmapDir, teamnames[i], plasmafiles[j]);
data/netrek-client-cow-3.3.2/x11sprite.c:291:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/Misc/%s", pixmapDir, explosionfiles[i]);
data/netrek-client-cow-3.3.2/x11sprite.c:304:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/Planets/Map/%s", pixmapDir, mplanetfiles[i]);
data/netrek-client-cow-3.3.2/x11sprite.c:310:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/Planets/%s", pixmapDir, mplanetfiles[i - 1]);
data/netrek-client-cow-3.3.2/x11sprite.c:324:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/Misc/%s", pixmapDir, cloakfile);
data/netrek-client-cow-3.3.2/x11sprite.c:335:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/Misc/%s", pixmapDir, bgfiles[i]);
data/netrek-client-cow-3.3.2/x11sprite.c:744:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s/%s", pixmapDir, name);
data/netrek-client-cow-3.3.2/x11sprite.c:774:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s/ss", pixmapDir);
data/netrek-client-cow-3.3.2/x11sprite.c:826:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s/%s", pixmapDir, name);
data/netrek-client-cow-3.3.2/x11window.c:722:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(defaultstring, "color.%s", colortable[i].name);
data/netrek-client-cow-3.3.2/x11window.c:735:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(defaultstring, "color.%s",
data/netrek-client-cow-3.3.2/x11window.c:843:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(defaultstring, "color.%s", colortable[i].name);
data/netrek-client-cow-3.3.2/x11window.c:855:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(defaultstring, "color.%s",
data/netrek-client-cow-3.3.2/x11window.c:975:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(title_buff, serverName);
data/netrek-client-cow-3.3.2/x11window.c:979:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(title_buff, "Netrek @ %s", serverName);
data/netrek-client-cow-3.3.2/x11window.c:2733:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mask_path, path);
data/netrek-client-cow-3.3.2/x11window.c:2813:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mask_path, path);
data/netrek-client-cow-3.3.2/x11window.c:2871:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mask_path, path);
data/netrek-client-cow-3.3.2/x11window.c:3224:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s.geometry", name);
data/netrek-client-cow-3.3.2/x11window.c:3239:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s.parent", name);
data/netrek-client-cow-3.3.2/x11window.c:3268:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s.mapped", name);
data/netrek-client-cow-3.3.2/x11window.c:3276:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s.mapped", name);
data/netrek-client-cow-3.3.2/cowmain.c:92:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
extern char *getenv();
data/netrek-client-cow-3.3.2/cowmain.c:225:47: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *gw_m, *gw_p, *gw_lp, *gw_sp, *err, *getenv();
data/netrek-client-cow-3.3.2/cowmain.c:230:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gw_m = getenv("GW_MACH");
data/netrek-client-cow-3.3.2/cowmain.c:251:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gw_p = getenv("GW_PORT");
data/netrek-client-cow-3.3.2/cowmain.c:252:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gw_sp = getenv("GW_SPORT");
data/netrek-client-cow-3.3.2/cowmain.c:253:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gw_lp = getenv("GW_LPORT");
data/netrek-client-cow-3.3.2/cowmain.c:356:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gw_m = getenv("GW_MACH");
data/netrek-client-cow-3.3.2/cowmain.c:380:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HOME") != NULL)
data/netrek-client-cow-3.3.2/cowmain.c:382:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
STRNCPY(homedot, getenv("HOME"), sizeof(homedot));
data/netrek-client-cow-3.3.2/defaults.c:62:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv(const char *);
data/netrek-client-cow-3.3.2/defaults.c:865:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("HOME");
data/netrek-client-cow-3.3.2/mkkey.c:134:8: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(void)setstate(rand_state1);
data/netrek-client-cow-3.3.2/mkkey.c:136:8: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(void)setstate(rand_state2);
data/netrek-client-cow-3.3.2/newwin.c:822:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
*team = random() % 4;
data/netrek-client-cow-3.3.2/random.c:43:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long random ();
data/netrek-client-cow-3.3.2/random.c:44:6: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
void srandom ();
data/netrek-client-cow-3.3.2/random.c:200:1: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom (x)
data/netrek-client-cow-3.3.2/random.c:216:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(void) random ();
data/netrek-client-cow-3.3.2/random.c:289:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom (seed);
data/netrek-client-cow-3.3.2/random.c:313:1: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
setstate (arg_state)
data/netrek-client-cow-3.3.2/random.c:368:1: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random ()
data/netrek-client-cow-3.3.2/setstate.c:6:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random rrandom
data/netrek-client-cow-3.3.2/setstate.c:7:9: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define srandom ssrandom
data/netrek-client-cow-3.3.2/setstate.c:50:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long random();
data/netrek-client-cow-3.3.2/setstate.c:51:6: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
void srandom();
data/netrek-client-cow-3.3.2/setstate.c:204:1: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom (x)
data/netrek-client-cow-3.3.2/setstate.c:219:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(void) random ();
data/netrek-client-cow-3.3.2/setstate.c:282:2: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/netrek-client-cow-3.3.2/setstate.c:306:1: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
setstate(arg_state)
data/netrek-client-cow-3.3.2/setstate.c:359:1: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random ()
data/netrek-client-cow-3.3.2/sound.c:976:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((sd=getenv("SOUNDDIR")) != NULL)
data/netrek-client-cow-3.3.2/audio.c:50:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[5], shmids[10], mypid[10], *sound_player;
data/netrek-client-cow-3.3.2/audio.c:80:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(shmids, "%i", shmid);
data/netrek-client-cow-3.3.2/audio.c:81:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mypid, "%i", getpid());
data/netrek-client-cow-3.3.2/audio.c:83:14: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
if ((pid = vfork()) == 0)
data/netrek-client-cow-3.3.2/audio.h:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PATH_MAX];
data/netrek-client-cow-3.3.2/beeplite.c:27:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[100];
data/netrek-client-cow-3.3.2/bitmaps.h:12:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fed_scout_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:113:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char kli_scout_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:214:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rom_scout_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:315:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ori_scout_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:416:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fed_cruiser_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:517:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char kli_cruiser_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:618:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rom_cruiser_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:720:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ROMVLVS_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:822:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ori_cruiser_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:923:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fed_battleship_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:1024:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char kli_battleship_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:1125:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rom_battleship_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:1226:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ori_battleship_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:1327:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fed_starbase_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:1428:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char kli_starbase_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:1529:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rom_starbase_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:1630:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ori_starbase_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:1731:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rom_assault_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:1832:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ori_assault_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:1933:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char kli_assault_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:2034:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fed_assault_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:2135:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char kli_destroyer_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:2236:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ori_destroyer_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:2337:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fed_destroyer_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:2438:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rom_destroyer_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:2537:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sbexp_bits[7][800] =
data/netrek-client-cow-3.3.2/bitmaps.h:3109:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fed_galaxy_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:3208:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rom_galaxy_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:3308:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char kli_galaxy_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:3409:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ori_galaxy_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:3510:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ind_galaxy_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:3596:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ind_scout_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:3682:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ind_cruiser_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:3768:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ind_battleship_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:3854:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ind_starbase_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:3940:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ind_assault_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/bitmaps.h:4026:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ind_destroyer_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/censor.c:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char badWord[MAX_CURSE_LEN];
data/netrek-client-cow-3.3.2/censor.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char replacementChars[REPLACE_STR_LEN + 1] = "@#$%^&*%#$%@#$*&@%$%";
data/netrek-client-cow-3.3.2/check.c:47:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUF_SIZE];
data/netrek-client-cow-3.3.2/cowapi.h:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char pseudo[PSEUDOSIZE];
data/netrek-client-cow-3.3.2/cowapi.h:54:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char defpasswd[PSEUDOSIZE];
data/netrek-client-cow-3.3.2/cowapi.h:55:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char login[PSEUDOSIZE];
data/netrek-client-cow-3.3.2/cowmain.c:93:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *home, homedot[256];
data/netrek-client-cow-3.3.2/cowmain.c:117:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[16];
data/netrek-client-cow-3.3.2/cowmain.c:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inet_addr[24];
data/netrek-client-cow-3.3.2/cowmain.c:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_name[64];
data/netrek-client-cow-3.3.2/cowmain.c:122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[40];
data/netrek-client-cow-3.3.2/cowmain.c:176:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
answer = (answer << 8) | atoi(t);
data/netrek-client-cow-3.3.2/cowmain.c:314:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
answer = (answer << 8) | atoi(t);
data/netrek-client-cow-3.3.2/cowmain.c:373:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netrek-client-cow-3.3.2/cowmain.c:385:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(homedot, "r");
data/netrek-client-cow-3.3.2/cowmain.c:392:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(buf, "r");
data/netrek-client-cow-3.3.2/cowmain.c:397:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(SERVER_FILE, "r");
data/netrek-client-cow-3.3.2/cowmain.c:442:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trekhopd_port = atoi(buf);
data/netrek-client-cow-3.3.2/cowmain.c:460:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ump->uid = atoi(cp);
data/netrek-client-cow-3.3.2/cowmain.c:462:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ump->serv_port = atoi(cp);
data/netrek-client-cow-3.3.2/cowmain.c:464:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ump->port = atoi(cp);
data/netrek-client-cow-3.3.2/cowmain.c:466:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ump->local_port = atoi(cp);
data/netrek-client-cow-3.3.2/cowmain.c:494:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
slp->remote_port = atoi(cp);
data/netrek-client-cow-3.3.2/cowmain.c:496:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
slp->gw_port = atoi(cp);
data/netrek-client-cow-3.3.2/cowmain.c:524:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char defaulttmp[100];
data/netrek-client-cow-3.3.2/cowmain.c:564:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/netrek-client-cow-3.3.2/cowmain.c:578:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char myname[64];
data/netrek-client-cow-3.3.2/cowmain.c:615:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
recordFile = fopen(recordFileName, "wb");
data/netrek-client-cow-3.3.2/cowmain.c:627:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logFile = fopen(logFileName, "a");
data/netrek-client-cow-3.3.2/cowmain.c:700:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logFile = fopen(logFileName, "a");
data/netrek-client-cow-3.3.2/cowmain.c:746:18: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (fastGuest) strcpy(pseudo, "guest");
data/netrek-client-cow-3.3.2/cowmain.c:756:18: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (fastGuest) strcpy(defpasswd, "guest");
data/netrek-client-cow-3.3.2/cowmain.c:807:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/netrek-client-cow-3.3.2/cowmain.c:942:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/netrek-client-cow-3.3.2/cowmain.c:946:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Welcome aboard!");
data/netrek-client-cow-3.3.2/dashboard.c:86:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valstr[32];
data/netrek-client-cow-3.3.2/dashboard.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/netrek-client-cow-3.3.2/dashboard3.c:118:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[32];
data/netrek-client-cow-3.3.2/dashboard3.c:252:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[13];
data/netrek-client-cow-3.3.2/dashboard3.c:347:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[32];
data/netrek-client-cow-3.3.2/data.c:92:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buttonmap[W_BUTTON_RANGE] =
data/netrek-client-cow-3.3.2/data.c:157:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char defaultsFile[80] = "";
data/netrek-client-cow-3.3.2/data.c:272:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testdata[16];
data/netrek-client-cow-3.3.2/data.c:287:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recv_threshold_s[8] =
data/netrek-client-cow-3.3.2/data.c:354:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastMessage[80];
data/netrek-client-cow-3.3.2/data.c:360:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *teamshort[16] =
data/netrek-client-cow-3.3.2/data.c:363:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pseudo[PSEUDOSIZE];
data/netrek-client-cow-3.3.2/data.c:364:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char defpasswd[PSEUDOSIZE];
data/netrek-client-cow-3.3.2/data.c:365:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char login[PSEUDOSIZE];
data/netrek-client-cow-3.3.2/data.c:407:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char deathmessage[80];
data/netrek-client-cow-3.3.2/data.c:408:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outmessage[85]; /* 80 chars made sun4's core
data/netrek-client-cow-3.3.2/data.c:423:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char singleMacro[MAX_MACRO] = "";
data/netrek-client-cow-3.3.2/data.c:427:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cloakChars[3] = "??";
data/netrek-client-cow-3.3.2/data.c:508:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *distlite[NUM_DIST] =
data/netrek-client-cow-3.3.2/data.c:550:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastIn[100];
data/netrek-client-cow-3.3.2/data.c:650:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keys[MAX_KEY] = "";
data/netrek-client-cow-3.3.2/data.h:215:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char defaultsFile[80];
data/netrek-client-cow-3.3.2/data.h:312:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char pseudo[PSEUDOSIZE];
data/netrek-client-cow-3.3.2/data.h:313:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char defpasswd[PSEUDOSIZE];
data/netrek-client-cow-3.3.2/data.h:314:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char login[PSEUDOSIZE];
data/netrek-client-cow-3.3.2/data.h:343:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char deathmessage[80];
data/netrek-client-cow-3.3.2/data.h:352:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char singleMacro[MAX_MACRO];
data/netrek-client-cow-3.3.2/data.h:357:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cloakChars[3];
data/netrek-client-cow-3.3.2/data.h:398:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char lastIn[100];
data/netrek-client-cow-3.3.2/data.h:480:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char keys[MAX_KEY];
data/netrek-client-cow-3.3.2/death.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *teamstring[9] =
data/netrek-client-cow-3.3.2/death.c:101:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(deathmessage, "Congratulations, you were promoted");
data/netrek-client-cow-3.3.2/death.c:113:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(deathmessage, "Okay, you died, but that is NORMAL! Press Enter for new ship!");
data/netrek-client-cow-3.3.2/death.c:128:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(deathmessage, " You QUIT!!");
data/netrek-client-cow-3.3.2/death.c:163:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(deathmessage, "You were killed by a dying daemon.");
data/netrek-client-cow-3.3.2/death.c:176:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(deathmessage, "You were killed by a confused daemon.");
data/netrek-client-cow-3.3.2/death.c:187:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(deathmessage, "You were nuked by GOD.");
data/netrek-client-cow-3.3.2/death.c:190:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(deathmessage, "The game is over!");
data/netrek-client-cow-3.3.2/death.c:193:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(deathmessage, "The tournament game has begun!");
data/netrek-client-cow-3.3.2/death.c:200:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(deathmessage, "The tournament game has ended.");
data/netrek-client-cow-3.3.2/death.c:203:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(deathmessage, "Your netrek executable didn't verify correctly.");
data/netrek-client-cow-3.3.2/death.c:206:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(deathmessage,
data/netrek-client-cow-3.3.2/defaults.c:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[256];
data/netrek-client-cow-3.3.2/defaults.c:92:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keysused[256];
data/netrek-client-cow-3.3.2/defaults.c:118:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(deffile, "r");
data/netrek-client-cow-3.3.2/defaults.c:514:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(str);
data/netrek-client-cow-3.3.2/defaults.c:549:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100];
data/netrek-client-cow-3.3.2/defwin.c:844:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char value[10];
data/netrek-client-cow-3.3.2/defwin.c:846:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%d", v);
data/netrek-client-cow-3.3.2/distress.c:166:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c",
data/netrek-client-cow-3.3.2/distress.c:212:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[10 * MAXMACLEN];
data/netrek-client-cow-3.3.2/distress.c:214:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[10 * MAXMACLEN];
data/netrek-client-cow-3.3.2/distress.c:215:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf3[10 * MAXMACLEN];
data/netrek-client-cow-3.3.2/distress.c:216:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[10 * MAXMACLEN];
data/netrek-client-cow-3.3.2/distress.c:436:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%5.2f", j->p_kills);
data/netrek-client-cow-3.3.2/distress.c:663:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufh[10 * MAXMACLEN];
data/netrek-client-cow-3.3.2/distress.c:664:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufc[10 * MAXMACLEN];
data/netrek-client-cow-3.3.2/distress.c:727:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(bufh) < atoi(bufc))
data/netrek-client-cow-3.3.2/distress.c:727:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(bufh) < atoi(bufc))
data/netrek-client-cow-3.3.2/distress.c:734:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(bufh) > atoi(bufc))
data/netrek-client-cow-3.3.2/distress.c:734:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(bufh) > atoi(bufc))
data/netrek-client-cow-3.3.2/distress.c:935:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256]; /* returns static */
data/netrek-client-cow-3.3.2/dmessage.c:37:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuf[10];
data/netrek-client-cow-3.3.2/dmessage.c:54:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(timebuf, "%02d:%02d:%02d", tm->tm_hour, tm->tm_min, tm->tm_sec);
data/netrek-client-cow-3.3.2/dmessage.c:276:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char client_ver[80];
data/netrek-client-cow-3.3.2/docwin.c:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netrek-client-cow-3.3.2/docwin.c:126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[80], *filename = NULL;
data/netrek-client-cow-3.3.2/docwin.c:133:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fptr = fopen(filename, "r")) == NULL)
data/netrek-client-cow-3.3.2/docwin.c:136:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fptr = fopen("BRM.DOC", "r")) == NULL)
data/netrek-client-cow-3.3.2/docwin.c:206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netrek-client-cow-3.3.2/docwin.c:289:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[80], filename[256];
data/netrek-client-cow-3.3.2/docwin.c:302:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fptr = fopen(filename, "r")) == NULL)
data/netrek-client-cow-3.3.2/enter.c:95:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ranks, &default_ranks, i);
data/netrek-client-cow-3.3.2/enter.c:107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/netrek-client-cow-3.3.2/enter.c:111:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Flags Warp Dam Shd Torps Kills Armies Fuel Wtemp Etemp");
data/netrek-client-cow-3.3.2/enter.c:113:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/netrek-client-cow-3.3.2/feature.c:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[80];
data/netrek-client-cow-3.3.2/feature.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/netrek-client-cow-3.3.2/feature.c:224:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, " disabled:");
data/netrek-client-cow-3.3.2/feature.c:226:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " LITE_PLAYERS_MAP");
data/netrek-client-cow-3.3.2/feature.c:228:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " LITE_PLAYERS_LOCAL");
data/netrek-client-cow-3.3.2/feature.c:230:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " LITE_SELF");
data/netrek-client-cow-3.3.2/feature.c:232:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " LITE_PLANETS");
data/netrek-client-cow-3.3.2/feature.c:234:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " LITE_SOUNDS\n");
data/netrek-client-cow-3.3.2/feature.c:236:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " LITE_COLOR");
data/netrek-client-cow-3.3.2/feature.c:238:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " LITE_TTS");
data/netrek-client-cow-3.3.2/findslot.c:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[60];
data/netrek-client-cow-3.3.2/findslot.c:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/netrek-client-cow-3.3.2/findslot.c:74:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %d ", count);
data/netrek-client-cow-3.3.2/findslot.c:75:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (count == -1) strcpy(buf, " ? ");
data/netrek-client-cow-3.3.2/getname.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char n_buf[16];
data/netrek-client-cow-3.3.2/getname.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char p_buf_a[16];
data/netrek-client-cow-3.3.2/getname.c:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char p_buf_b[16];
data/netrek-client-cow-3.3.2/getname.c:62:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[17];
data/netrek-client-cow-3.3.2/getname.c:65:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "****************");
data/netrek-client-cow-3.3.2/getname.c:377:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ppwd[16];
data/netrek-client-cow-3.3.2/getship.c:128:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) shipp, (char *) &(shipvals[s_type]), sizeof(struct ship));
data/netrek-client-cow-3.3.2/helpwin.c:161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char helpmessage[MAXHELP];
data/netrek-client-cow-3.3.2/hullbitmaps.h:8:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hull_bits[HULL_FRAMES][HULL_BYTE_SIZE] =
data/netrek-client-cow-3.3.2/inform.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *my_classes[NUM_TYPES] =
data/netrek-client-cow-3.3.2/inform.c:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/netrek-client-cow-3.3.2/inform.c:37:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftoabuf[8];
data/netrek-client-cow-3.3.2/inform.c:85:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(buf, "Speed: %-d", j->p_speed);
data/netrek-client-cow-3.3.2/inform.c:89:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(buf, "kills: %-4.2f", j->p_kills);
data/netrek-client-cow-3.3.2/inform.c:149:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "KPH: %5.2f %5d",
data/netrek-client-cow-3.3.2/inform.c:168:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "DPH: %5.2f %5d",
data/netrek-client-cow-3.3.2/inform.c:183:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " Maxkills: %6.2f", j->p_stats.st_sbmaxkills);
data/netrek-client-cow-3.3.2/inform.c:187:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " Maxkills: %6.2f", j->p_stats.st_maxkills);
data/netrek-client-cow-3.3.2/inform.c:193:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " Hours: %6.2f",
data/netrek-client-cow-3.3.2/inform.c:198:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " Hours: %6.2f",
data/netrek-client-cow-3.3.2/inform.c:228:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(buf, "Armies %d", k->pl_armies);
data/netrek-client-cow-3.3.2/inform.c:248:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(buf, "No other info");
data/netrek-client-cow-3.3.2/input.c:1650:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbuf[80];
data/netrek-client-cow-3.3.2/input.c:1694:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/netrek-client-cow-3.3.2/input.c:1697:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "UDP client version %.1f",
data/netrek-client-cow-3.3.2/interface.c:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuf[9];
data/netrek-client-cow-3.3.2/lagmeter.c:42:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/netrek-client-cow-3.3.2/lagmeter.c:49:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%3d", (L_NMARKS - (i + 1)) * 10);
data/netrek-client-cow-3.3.2/litebitmaps.h:5:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char emph_planet_seq_bits[emph_planet_seq_frames][72] =
data/netrek-client-cow-3.3.2/litebitmaps.h:46:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char emph_player_seq_bits[emph_player_seq_frames][72] =
data/netrek-client-cow-3.3.2/litebitmaps.h:73:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char emph_player_seql_bits[emph_player_seql_frames][120] =
data/netrek-client-cow-3.3.2/local.c:180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idbuf[10];
data/netrek-client-cow-3.3.2/macrowin.c:31:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maclines[10][MAXMACRO];
data/netrek-client-cow-3.3.2/macrowin.c:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[3];
data/netrek-client-cow-3.3.2/macrowin.c:86:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "%c", distmacro[i].c);
data/netrek-client-cow-3.3.2/macrowin.c:88:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "^%c", distmacro[i].c - 96);
data/netrek-client-cow-3.3.2/macrowin.c:116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char macromessage[MACROLEN];
data/netrek-client-cow-3.3.2/macrowin.c:145:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(macromessage, "%c ", macro[i].key);
data/netrek-client-cow-3.3.2/macrowin.c:147:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(macromessage, "^%c", macro[i].key - 96);
data/netrek-client-cow-3.3.2/macrowin.c:153:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(macromessage, " PL MS ");
data/netrek-client-cow-3.3.2/macrowin.c:156:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(macromessage, " TM MS ");
data/netrek-client-cow-3.3.2/macrowin.c:159:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(macromessage, " SELF ");
data/netrek-client-cow-3.3.2/macrowin.c:168:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(macromessage, " TEAM ");
data/netrek-client-cow-3.3.2/macrowin.c:171:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(macromessage, " ALL ");
data/netrek-client-cow-3.3.2/macrowin.c:174:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(macromessage, " FED ");
data/netrek-client-cow-3.3.2/macrowin.c:177:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(macromessage, " ROM ");
data/netrek-client-cow-3.3.2/macrowin.c:180:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(macromessage, " KLI ");
data/netrek-client-cow-3.3.2/macrowin.c:183:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(macromessage, " ORI ");
data/netrek-client-cow-3.3.2/macrowin.c:186:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(macromessage, " MOO ");
data/netrek-client-cow-3.3.2/macrowin.c:191:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(macromessage, " SHELL ");
data/netrek-client-cow-3.3.2/macrowin.c:197:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(macromessage, " SPEC ");
data/netrek-client-cow-3.3.2/macrowin.c:202:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(macromessage, " ---- ");
data/netrek-client-cow-3.3.2/main.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exptime[27];
data/netrek-client-cow-3.3.2/main.c:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char url[1024];
data/netrek-client-cow-3.3.2/main.c:137:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xtrekPort = atoi(*argv);
data/netrek-client-cow-3.3.2/main.c:176:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xtrekPort = atoi(*argv);
data/netrek-client-cow-3.3.2/main.c:205:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xtrekPort = atoi(*argv);
data/netrek-client-cow-3.3.2/main.c:295:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((baseLocalPort = atoi(*argv)) == 0)
data/netrek-client-cow-3.3.2/main.c:314:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ghost_pno = atoi(*argv);
data/netrek-client-cow-3.3.2/main.c:402:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char webcall[1024];
data/netrek-client-cow-3.3.2/map.c:52:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static signed char roughMap[DETAIL][DETAIL];
data/netrek-client-cow-3.3.2/map.c:53:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static signed char roughMap2[DETAIL][DETAIL];
data/netrek-client-cow-3.3.2/map.c:67:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char redrawPlayer[MAXPLAYER];
data/netrek-client-cow-3.3.2/map.c:429:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gu_text[80];
data/netrek-client-cow-3.3.2/map.c:469:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gu_text, "SAFE-IDLE ");
data/netrek-client-cow-3.3.2/map.c:473:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gu_text, "OBSERVE ");
data/netrek-client-cow-3.3.2/map.c:478:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gu_text, "PREGAME ");
data/netrek-client-cow-3.3.2/map.c:481:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gu_text, "PAUSED ");
data/netrek-client-cow-3.3.2/map.c:485:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gu_text, "DRAFTING ");
data/netrek-client-cow-3.3.2/map.c:490:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gu_text, "CONQUEST PARADE ");
data/netrek-client-cow-3.3.2/map.c:493:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gu_text, "PAUSED ");
data/netrek-client-cow-3.3.2/map.c:500:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/netrek-client-cow-3.3.2/map.c:501:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d%c ", context->tournament_remain,
data/netrek-client-cow-3.3.2/map.c:536:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char lastUpdate[MAXPLAYER];
data/netrek-client-cow-3.3.2/mkcflags.c:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuff1[100], tbuff2[100];
data/netrek-client-cow-3.3.2/mkcflags.c:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pigcall[120];
data/netrek-client-cow-3.3.2/mkcflags.c:90:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "E%d", EXPIRE);
data/netrek-client-cow-3.3.2/mkkey.c:121:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rand_state1[256]; /* big honking state for random() */
data/netrek-client-cow-3.3.2/mkkey.c:122:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rand_state2[256]; /* even more big honking state for random() */
data/netrek-client-cow-3.3.2/mkkey.c:315:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp[SIZE];
data/netrek-client-cow-3.3.2/mkkey.c:418:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unencoded_dest[KEY_SIZE*2+1],
data/netrek-client-cow-3.3.2/mkkey.c:617:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/netrek-client-cow-3.3.2/mkkey.c:655:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(buf, "w");
data/netrek-client-cow-3.3.2/mkkey.c:800:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp[SIZE];
data/netrek-client-cow-3.3.2/mkkey.c:801:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char raw_global[SIZE], raw_private[SIZE], raw_public[SIZE];
data/netrek-client-cow-3.3.2/mkkey.c:809:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/netrek-client-cow-3.3.2/mkkey.c:861:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_shells = atoi(argv[n+1]);
data/netrek-client-cow-3.3.2/mkkey.c:864:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
swap_steps = atoi(argv[n+1]);
data/netrek-client-cow-3.3.2/mkkey.c:873:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_files = atoi(argv[n+1]);
data/netrek-client-cow-3.3.2/mkkey.c:1037:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(keydoth, "r");
data/netrek-client-cow-3.3.2/mkkey.c:1065:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(keycap, "r");
data/netrek-client-cow-3.3.2/mkkey.c:1111:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
keycapfp = fopen(key_name, "w");
data/netrek-client-cow-3.3.2/mkkey.c:1114:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ".secret");
data/netrek-client-cow-3.3.2/mkkey.c:1115:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
skeycapfp = fopen(buf, "w");
data/netrek-client-cow-3.3.2/mkkey.c:1123:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clientsfp = fopen(buf, "w");
data/netrek-client-cow-3.3.2/myf.c:17:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[101];
data/netrek-client-cow-3.3.2/netstat.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nfthresh_s[8] = NETSTAT_DF_NFT_S;
data/netrek-client-cow-3.3.2/netstatopt.c:29:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ], *ns_get_nfthresh_s(void);
data/netrek-client-cow-3.3.2/netstatopt.c:41:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Reset network stats");
data/netrek-client-cow-3.3.2/netstatopt.c:45:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Total : %4.2f", ns_get_tstat());
data/netrek-client-cow-3.3.2/netstatopt.c:49:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This ship : %4.2f", ns_get_lstat());
data/netrek-client-cow-3.3.2/netstatopt.c:53:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Network failures : %d", ns_get_nfailures());
data/netrek-client-cow-3.3.2/netstatopt.c:61:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Done");
data/netrek-client-cow-3.3.2/newwin.c:1286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netrek-client-cow-3.3.2/newwin.c:1473:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/netrek-client-cow-3.3.2/newwin.c:1485:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(buf, "%d", num);
data/netrek-client-cow-3.3.2/newwin.c:1513:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ], *cp;
data/netrek-client-cow-3.3.2/newwin.c:1533:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", (int) (max - time));
data/netrek-client-cow-3.3.2/oldbitmaps.h:33:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ex_bits[5][512] =
data/netrek-client-cow-3.3.2/oldbitmaps.h:363:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char plasmacloud_bits[5][26] =
data/netrek-client-cow-3.3.2/oldbitmaps.h:439:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cloud_bits[cloud_frames][8] =
data/netrek-client-cow-3.3.2/oldbitmaps.h:796:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char shield_bits[SHIELD_FRAMES][SHIELD_BYTE_SIZE] =
data/netrek-client-cow-3.3.2/option.c:32:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newkeys[14];
data/netrek-client-cow-3.3.2/option.c:481:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/netrek-client-cow-3.3.2/option.c:513:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "Don't ");
data/netrek-client-cow-3.3.2/packets.h:276:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mesg[80];
data/netrek-client-cow-3.3.2/packets.h:293:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/netrek-client-cow-3.3.2/packets.h:294:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char monitor[16];
data/netrek-client-cow-3.3.2/packets.h:295:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char login[16];
data/netrek-client-cow-3.3.2/packets.h:429:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mesg[80];
data/netrek-client-cow-3.3.2/packets.h:576:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/netrek-client-cow-3.3.2/packets.h:577:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[16];
data/netrek-client-cow-3.3.2/packets.h:578:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char login[16];
data/netrek-client-cow-3.3.2/packets.h:588:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keymap[96];
data/netrek-client-cow-3.3.2/packets.h:695:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[80];
data/netrek-client-cow-3.3.2/packets.h:712:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mesg[80];
data/netrek-client-cow-3.3.2/packets.h:739:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keymap[96];
data/netrek-client-cow-3.3.2/packets.h:791:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[16];
data/netrek-client-cow-3.3.2/packets.h:800:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[16];
data/netrek-client-cow-3.3.2/packets.h:801:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resp[16];
data/netrek-client-cow-3.3.2/packets.h:884:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/netrek-client-cow-3.3.2/packets.h:894:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[80];
data/netrek-client-cow-3.3.2/packets.h:904:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_LEN]; /* full rank name */
data/netrek-client-cow-3.3.2/packets.h:908:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[8]; /* short 'curt' rank name */
data/netrek-client-cow-3.3.2/packets.h:916:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[2];
data/netrek-client-cow-3.3.2/packets.h:1006:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[KEY_SIZE];
data/netrek-client-cow-3.3.2/packets.h:1015:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char global[KEY_SIZE];
data/netrek-client-cow-3.3.2/packets.h:1016:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char public[KEY_SIZE];
data/netrek-client-cow-3.3.2/packets.h:1017:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp[KEY_SIZE];
data/netrek-client-cow-3.3.2/packets.h:1043:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_name[16];
data/netrek-client-cow-3.3.2/packets.h:1162:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[21]; /* For every torp 2*9 bit *
data/netrek-client-cow-3.3.2/packets.h:1176:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[76];
data/netrek-client-cow-3.3.2/packets.h:1185:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mesg[80];
data/netrek-client-cow-3.3.2/packets.h:1239:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[30];
data/netrek-client-cow-3.3.2/packets.h:1248:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad1[26];
data/netrek-client-cow-3.3.2/packets.h:1265:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad1[18];
data/netrek-client-cow-3.3.2/parsemeta.c:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[LINE]; /* host name or ip address of server */
data/netrek-client-cow-3.3.2/parsemeta.c:67:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[LINE];
data/netrek-client-cow-3.3.2/parsemeta.c:373:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
servers = atoi(p);
data/netrek-client-cow-3.3.2/parsemeta.c:400:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(p);
data/netrek-client-cow-3.3.2/parsemeta.c:404:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status = atoi(p);
data/netrek-client-cow-3.3.2/parsemeta.c:416:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
age = atoi(p);
data/netrek-client-cow-3.3.2/parsemeta.c:420:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
players = atoi(p);
data/netrek-client-cow-3.3.2/parsemeta.c:424:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
queue = atoi(p);
data/netrek-client-cow-3.3.2/parsemeta.c:540:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int port = atoi(p);
data/netrek-client-cow-3.3.2/parsemeta.c:544:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int players = atoi(p);
data/netrek-client-cow-3.3.2/parsemeta.c:588:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char packet[MAXMETABYTES]; /* buffer for packet returned by meta' */
data/netrek-client-cow-3.3.2/parsemeta.c:644:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cacheFileName[PATH_MAX];
data/netrek-client-cow-3.3.2/parsemeta.c:645:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpFileName[PATH_MAX];
data/netrek-client-cow-3.3.2/parsemeta.c:665:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cache = fopen(tmpFileName, "w");
data/netrek-client-cow-3.3.2/parsemeta.c:718:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cacheFileName[PATH_MAX];
data/netrek-client-cow-3.3.2/parsemeta.c:731:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cache = fopen(cacheFileName, "r");
data/netrek-client-cow-3.3.2/parsemeta.c:777:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&serverlist[j],&serverlist[j+1],sizeof(struct servers));
data/netrek-client-cow-3.3.2/parsemeta.c:811:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LINE + 1];
data/netrek-client-cow-3.3.2/parsemeta.c:831:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " ");
data/netrek-client-cow-3.3.2/parsemeta.c:838:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " ");
data/netrek-client-cow-3.3.2/parsemeta.c:844:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Paradise");
data/netrek-client-cow-3.3.2/parsemeta.c:847:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Bronco ");
data/netrek-client-cow-3.3.2/parsemeta.c:850:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Chaos ");
data/netrek-client-cow-3.3.2/parsemeta.c:853:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "INL ");
data/netrek-client-cow-3.3.2/parsemeta.c:856:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Sturgeon");
data/netrek-client-cow-3.3.2/parsemeta.c:859:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Hockey ");
data/netrek-client-cow-3.3.2/parsemeta.c:862:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Dogfight");
data/netrek-client-cow-3.3.2/parsemeta.c:865:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Unknown ");
data/netrek-client-cow-3.3.2/parsemeta.c:888:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " ");
data/netrek-client-cow-3.3.2/parsemeta.c:894:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Cannot Start");
data/netrek-client-cow-3.3.2/parsemeta.c:900:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Connect Fail");
data/netrek-client-cow-3.3.2/parsemeta.c:903:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Login Fail");
data/netrek-client-cow-3.3.2/parsemeta.c:911:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Unknown Response");
data/netrek-client-cow-3.3.2/parsemeta.c:928:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char add_buffer[LINE];
data/netrek-client-cow-3.3.2/parsemeta.c:939:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LINE + 1];
data/netrek-client-cow-3.3.2/parsemeta.c:1141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *args[16];
data/netrek-client-cow-3.3.2/parsemeta.c:1149:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[32];
data/netrek-client-cow-3.3.2/parsemeta.c:1150:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(port, "%d", xtrekPort);
data/netrek-client-cow-3.3.2/pingstats.c:237:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[6];
data/netrek-client-cow-3.3.2/planetlist.c:11:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *teamname[9] =
data/netrek-client-cow-3.3.2/planetlist.c:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/netrek-client-cow-3.3.2/planetlist.c:36:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(buf, "Planet Name own armies REPAIR FUEL AGRI CORE info");
data/netrek-client-cow-3.3.2/playback.c:115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index_filename[FILENAME_MAX+1];
data/netrek-client-cow-3.3.2/playback.c:116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char context_filename[FILENAME_MAX+1];
data/netrek-client-cow-3.3.2/playback.c:122:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(index_filename, ".idx");
data/netrek-client-cow-3.3.2/playback.c:123:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(context_filename, ".cxt");
data/netrek-client-cow-3.3.2/playback.c:138:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logFile = fopen(logFileName, "a");
data/netrek-client-cow-3.3.2/playback.c:167:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
recordFile = fopen(recordFileName, "rb");
data/netrek-client-cow-3.3.2/playback.c:178:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
recordIndexFile = fopen(index_filename, "r");
data/netrek-client-cow-3.3.2/playback.c:185:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
recordContextFile = fopen(context_filename, "rb");
data/netrek-client-cow-3.3.2/playback.c:198:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fopen(index_filename, "wb"))==NULL)
data/netrek-client-cow-3.3.2/playback.c:204:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fopen(context_filename, "wb"))==NULL)
data/netrek-client-cow-3.3.2/playback.c:274:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netrek-client-cow-3.3.2/playback.c:276:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/netrek-client-cow-3.3.2/playback.c:394:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char jump_str[JUMP_MAX] = "";
data/netrek-client-cow-3.3.2/playback.c:875:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE+1];
data/netrek-client-cow-3.3.2/playback.c:1222:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
numofkills = ((unsigned char *) packet)[1];
data/netrek-client-cow-3.3.2/playback.c:1226:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
id = ((unsigned char *) packet)[i*2+3] >> 2;
data/netrek-client-cow-3.3.2/playback.c:1316:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
id = ((unsigned char *)packet)[1] * 8;
data/netrek-client-cow-3.3.2/playback.c:1318:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
id = ((unsigned char *)packet)[2] * 8;
data/netrek-client-cow-3.3.2/playback.c:1343:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
numofplanets = ((unsigned char *)packet)[1];
data/netrek-client-cow-3.3.2/playback.c:1344:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ppacket = (struct planet_s_spacket *) &(((char *)packet)[2]);
data/netrek-client-cow-3.3.2/playback.c:1430:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, lastPos, sizeof(lastPos));
data/netrek-client-cow-3.3.2/playerlist.c:88:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char updatePlayer[MAXPLAYER + 1];
data/netrek-client-cow-3.3.2/playerlist.c:109:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *my_classes[NUM_TYPES] =
data/netrek-client-cow-3.3.2/playerlist.c:579:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[BUFSIZ];
data/netrek-client-cow-3.3.2/playerlist.c:735:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/netrek-client-cow-3.3.2/playerlist.h:42:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char updatePlayer[MAXPLAYER+1];
data/netrek-client-cow-3.3.2/ranklist.c:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/netrek-client-cow-3.3.2/ranklist.c:79:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, " Rank Hours Offense Ratings DI");
data/netrek-client-cow-3.3.2/ranklist.c:82:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%-11.11s %5.0f %8.2f %8.2f %7.2f",
data/netrek-client-cow-3.3.2/ranklist.c:89:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[35];
data/netrek-client-cow-3.3.2/ranklist.c:92:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, " (need %.2f DI)", DI);
data/netrek-client-cow-3.3.2/ranklist.c:95:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (need ratings)");
data/netrek-client-cow-3.3.2/ranklist.c:103:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "To achieve a rank, you need the corresponding DI");
data/netrek-client-cow-3.3.2/ranklist.c:105:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "in less than the hours allowed (DI = ratings x hours).");
data/netrek-client-cow-3.3.2/ranklist.c:107:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "OR, get offense+bombing+planets above corresponding Ratings");
data/netrek-client-cow-3.3.2/ranklist.c:109:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "Promotions also occur at 2xDI with Ratings - 1");
data/netrek-client-cow-3.3.2/ranklist.c:111:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "4xDI with Ratings - 2, and 8xDI with Ratings - 3");
data/netrek-client-cow-3.3.2/redraw.c:138:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf1[80];
data/netrek-client-cow-3.3.2/redraw.c:139:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf2[80];
data/netrek-client-cow-3.3.2/redraw.c:354:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/netrek-client-cow-3.3.2/redraw.c:400:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/netrek-client-cow-3.3.2/redraw.c:403:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/netrek-client-cow-3.3.2/reserved.c:41:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char swap[16][16] =
data/netrek-client-cow-3.3.2/reserved.c:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/netrek-client-cow-3.3.2/senddist.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf[200];
data/netrek-client-cow-3.3.2/senddist.c:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cry[MSG_LEN];
data/netrek-client-cow-3.3.2/senddist.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cry[MSG_LEN];
data/netrek-client-cow-3.3.2/short.c:294:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Pdir[MAXPLAYER];
data/netrek-client-cow-3.3.2/short.c:303:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s_texte[256]; /* Better with a malloc *
data/netrek-client-cow-3.3.2/short.c:311:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *shiptype[NUM_TYPES] =
data/netrek-client-cow-3.3.2/short.c:916:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/netrek-client-cow-3.3.2/short.c:917:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[9];
data/netrek-client-cow-3.3.2/short.c:925:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(addrbuf, "GOD->");
data/netrek-client-cow-3.3.2/short.c:928:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(addrbuf, " %c%c->", teamlet[players[packet->m_from].p_team],
data/netrek-client-cow-3.3.2/short.c:935:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(addrbuf + 5, "ALL");
data/netrek-client-cow-3.3.2/short.c:942:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(addrbuf + 5, "%c%c ", teamlet[players[packet->m_recpt].p_team],
data/netrek-client-cow-3.3.2/short.c:946:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(addrbuf + 5, "ALL");
data/netrek-client-cow-3.3.2/short.c:1337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/netrek-client-cow-3.3.2/short.c:1350:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char killmess[20];
data/netrek-client-cow-3.3.2/short.c:1370:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phstatmsg[30];
data/netrek-client-cow-3.3.2/short.c:1400:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Weapons Officer: Bombing is ineffective. Only %d armies are defending.",
data/netrek-client-cow-3.3.2/short.c:1417:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Beaming up. (%d/%d)", (unsigned char) packet->argument, (unsigned char) packet->argument2);
data/netrek-client-cow-3.3.2/short.c:1524:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(killmess, "NO CREDIT");
data/netrek-client-cow-3.3.2/short.c:1526:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(killmess, "%0.2f", kills);
data/netrek-client-cow-3.3.2/short.c:1647:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[80];
data/netrek-client-cow-3.3.2/short.c:1680:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[80];
data/netrek-client-cow-3.3.2/short.c:1715:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[80];
data/netrek-client-cow-3.3.2/short.c:1777:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "+%d", arg3);
data/netrek-client-cow-3.3.2/short.c:1862:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg.mesg, " Game will resume in %d seconds", (unsigned char) packet->argument);
data/netrek-client-cow-3.3.2/short.c:1921:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[256];
data/netrek-client-cow-3.3.2/smessage.c:27:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/netrek-client-cow-3.3.2/smessage.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mbuf[80];
data/netrek-client-cow-3.3.2/smessage.c:103:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char twochar[2];
data/netrek-client-cow-3.3.2/smessage.c:327:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newbuf[100];
data/netrek-client-cow-3.3.2/smessage.c:452:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char addrmesg[ADDRLEN];
data/netrek-client-cow-3.3.2/smessage.c:454:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(addrmesg, " %c%c->", teamlet[me->p_team], shipnos[me->p_no]);
data/netrek-client-cow-3.3.2/smessage.c:458:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(&addrmesg[5], "ALL");
data/netrek-client-cow-3.3.2/smessage.c:466:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(&addrmesg[5], "?? ");
data/netrek-client-cow-3.3.2/smessage.c:472:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(&addrmesg[5], "%c%c ",
data/netrek-client-cow-3.3.2/smessage.c:478:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(&addrmesg[5], "GOD");
data/netrek-client-cow-3.3.2/smessage.c:483:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(addrmesg, "COW: sh>");
data/netrek-client-cow-3.3.2/smessage.c:488:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(&addrmesg[5], "MOO");
data/netrek-client-cow-3.3.2/smessage.c:517:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char twochar[2] =
data/netrek-client-cow-3.3.2/socket.c:185:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char numofbits[256] =
data/netrek-client-cow-3.3.2/socket.c:459:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/netrek-client-cow-3.3.2/socket.c:1569:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pl->p_ship, &me->p_ship, sizeof(struct ship));
data/netrek-client-cow-3.3.2/socket.c:1570:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pl->p_stats, &me->p_stats, sizeof(struct stats));
data/netrek-client-cow-3.3.2/socket.c:1571:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pl, me, sizeof(struct player));
data/netrek-client-cow-3.3.2/sound.c:160:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sound_prefix[PATH_MAX];
data/netrek-client-cow-3.3.2/sound.c:808:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd=open(name, O_RDONLY)) < 0) {
data/netrek-client-cow-3.3.2/sound.c:881:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[PATH_MAX];
data/netrek-client-cow-3.3.2/sound.c:962:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/netrek-client-cow-3.3.2/sound.c:1069:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int vol = atoi(getdefault("soundvol"));
data/netrek-client-cow-3.3.2/sound.c:1095:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "/nt_intro");
data/netrek-client-cow-3.3.2/sound.c:1187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/netrek-client-cow-3.3.2/sound.c:1282:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200], *flag;
data/netrek-client-cow-3.3.2/spopt.c:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/netrek-client-cow-3.3.2/spopt.c:58:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Done");
data/netrek-client-cow-3.3.2/struct.h:18:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cclist[6]; /* allow us some day to cc a
data/netrek-client-cow-3.3.2/struct.h:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char preappend[80]; /* text which we pre or append */
data/netrek-client-cow-3.3.2/struct.h:222:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char st_keymap[480]; /* keymap for this player */
data/netrek-client-cow-3.3.2/struct.h:224:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char st_keymap[96]; /* keymap for this player */
data/netrek-client-cow-3.3.2/struct.h:243:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p_name[16];
data/netrek-client-cow-3.3.2/struct.h:244:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p_login[16];
data/netrek-client-cow-3.3.2/struct.h:245:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p_monitor[16]; /* Monitor being played on */
data/netrek-client-cow-3.3.2/struct.h:246:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p_mapchars[2]; /* Cache for map window
data/netrek-client-cow-3.3.2/struct.h:315:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16], password[16];
data/netrek-client-cow-3.3.2/struct.h:386:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char client_type[KEY_SIZE];
data/netrek-client-cow-3.3.2/struct.h:387:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char architecture[KEY_SIZE];
data/netrek-client-cow-3.3.2/struct.h:388:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char global[KEY_SIZE];
data/netrek-client-cow-3.3.2/struct.h:389:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char public[KEY_SIZE];
data/netrek-client-cow-3.3.2/struct.h:418:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pl_name[16];
data/netrek-client-cow-3.3.2/struct.h:521:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_data[80];
data/netrek-client-cow-3.3.2/struct.h:613:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *item[3];
data/netrek-client-cow-3.3.2/tngbitmaps.h:6:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tng_fed_scout_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/tngbitmaps.h:92:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tng_fed_cruiser_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/tngbitmaps.h:159:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tng_fed_battleship_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/tngbitmaps.h:245:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tng_fed_assault_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/tngbitmaps.h:331:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tng_fed_destroyer_bits[VIEWS][60] =
data/netrek-client-cow-3.3.2/tools.c:29:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pipebuf[100];
data/netrek-client-cow-3.3.2/udpopt.c:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/netrek-client-cow-3.3.2/udpopt.c:45:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "> Status: ");
data/netrek-client-cow-3.3.2/udpopt.c:49:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Connected, yay us!");
data/netrek-client-cow-3.3.2/udpopt.c:52:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Requesting switch to UDP");
data/netrek-client-cow-3.3.2/udpopt.c:55:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Requesting switch to TCP");
data/netrek-client-cow-3.3.2/udpopt.c:58:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Verifying UDP connection");
data/netrek-client-cow-3.3.2/udpopt.c:66:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "> UDP trans dropped: %d (%d%% | %d%%)", udpDropped,
data/netrek-client-cow-3.3.2/udpopt.c:75:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Debugging info is ");
data/netrek-client-cow-3.3.2/udpopt.c:79:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "OFF");
data/netrek-client-cow-3.3.2/udpopt.c:82:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "ON (connect msgs only)");
data/netrek-client-cow-3.3.2/udpopt.c:85:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "ON (verbose output)");
data/netrek-client-cow-3.3.2/udpopt.c:90:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Sending with ");
data/netrek-client-cow-3.3.2/udpopt.c:94:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "TCP only");
data/netrek-client-cow-3.3.2/udpopt.c:97:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "simple UDP");
data/netrek-client-cow-3.3.2/udpopt.c:100:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "enforced UDP (state only)");
data/netrek-client-cow-3.3.2/udpopt.c:103:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "enforced UDP (state & weap)");
data/netrek-client-cow-3.3.2/udpopt.c:108:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Receiving with ");
data/netrek-client-cow-3.3.2/udpopt.c:112:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "TCP only");
data/netrek-client-cow-3.3.2/udpopt.c:115:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "simple UDP");
data/netrek-client-cow-3.3.2/udpopt.c:118:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "fat UDP");
data/netrek-client-cow-3.3.2/udpopt.c:123:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "double UDP");
data/netrek-client-cow-3.3.2/udpopt.c:129:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Force reset to TCP");
data/netrek-client-cow-3.3.2/udpopt.c:132:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Request full update (=)");
data/netrek-client-cow-3.3.2/udpopt.c:143:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "Done");
data/netrek-client-cow-3.3.2/war.c:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/netrek-client-cow-3.3.2/warning.c:21:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newtext[128];
data/netrek-client-cow-3.3.2/warning.c:55:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(newtext, "%.100s %02d:%02d:%02d",
data/netrek-client-cow-3.3.2/warning.c:58:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(newtext, "%.100s %02d:%02d:%02d", text, tm->tm_hour,
data/netrek-client-cow-3.3.2/wsl.c:31:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PATH_MAX];
data/netrek-client-cow-3.3.2/wsl.c:50:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname2[PATH_MAX];
data/netrek-client-cow-3.3.2/wsl.c:56:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fname2, ".wav");
data/netrek-client-cow-3.3.2/wsl.c:294:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lastfmt, &snd->fmt, sizeof(PCMWAVEFORMAT));
data/netrek-client-cow-3.3.2/wsl.c:303:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lastfmt, &snd->fmt, sizeof(PCMWAVEFORMAT));
data/netrek-client-cow-3.3.2/x11sprite.c:79:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char teamnames[NUMTEAM + 1][4] =
data/netrek-client-cow-3.3.2/x11sprite.c:82:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char mplanetfiles[NUM_PL_IMGS][12] =
data/netrek-client-cow-3.3.2/x11sprite.c:95:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char shipfiles[NUM_TYPES][8] =
data/netrek-client-cow-3.3.2/x11sprite.c:105:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char torpfiles[2][14] =
data/netrek-client-cow-3.3.2/x11sprite.c:107:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char plasmafiles[2][16] =
data/netrek-client-cow-3.3.2/x11sprite.c:109:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char cloakfile[10] = "cloak.png";
data/netrek-client-cow-3.3.2/x11sprite.c:110:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char explosionfiles[2][18] =
data/netrek-client-cow-3.3.2/x11sprite.c:112:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char bgfiles[NUM_BG_IMGS][16] =
data/netrek-client-cow-3.3.2/x11sprite.c:205:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pixmapDir[1024] = { '\0' };
data/netrek-client-cow-3.3.2/x11sprite.c:217:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pixmapDir, "/usr/share/pixmaps/netrek-client-cow");
data/netrek-client-cow-3.3.2/x11sprite.c:235:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pixmapDir, "pixmaps");
data/netrek-client-cow-3.3.2/x11sprite.c:244:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/netrek-client-cow-3.3.2/x11sprite.c:764:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *path, *argv[2];
data/netrek-client-cow-3.3.2/x11window.c:245:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[MAX_TEXT_WIDTH];
data/netrek-client-cow-3.3.2/x11window.c:637:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char defaultstring[100];
data/netrek-client-cow-3.3.2/x11window.c:977:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(title_buff, "Motd-[f]forward, [b]back, [space]unmap");
data/netrek-client-cow-3.3.2/x11window.c:2731:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask_path[512];
data/netrek-client-cow-3.3.2/x11window.c:2734:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mask_path, ".mask");
data/netrek-client-cow-3.3.2/x11window.c:2811:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask_path[512];
data/netrek-client-cow-3.3.2/x11window.c:2814:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mask_path, ".mask");
data/netrek-client-cow-3.3.2/x11window.c:2869:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask_path[512];
data/netrek-client-cow-3.3.2/x11window.c:2872:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mask_path, ".mask");
data/netrek-client-cow-3.3.2/x11window.c:3222:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80], *geom_default;
data/netrek-client-cow-3.3.2/x11window.c:3235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/netrek-client-cow-3.3.2/x11window.c:3266:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/netrek-client-cow-3.3.2/x11window.c:3274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/netrek-client-cow-3.3.2/x11window.c:3405:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
free((char *) items[i].string);
data/netrek-client-cow-3.3.2/censor.c:43:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, wordLen = strlen(word);
data/netrek-client-cow-3.3.2/censor.c:65:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, j, wordLen = strlen(word), textLen = strlen(text);
data/netrek-client-cow-3.3.2/censor.c:65:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, j, wordLen = strlen(word), textLen = strlen(text);
data/netrek-client-cow-3.3.2/censor.c:82:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, j, t = strlen(text) - 1;
data/netrek-client-cow-3.3.2/censor.c:96:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (wordEnd = j + strlen(curseWords[i].badWord) - 1; wordEnd < t; wordEnd++)
data/netrek-client-cow-3.3.2/check.c:88:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((cc = read(sock, buf, BUF_SIZE)) > 0)
data/netrek-client-cow-3.3.2/cowmain.c:383:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(homedot, "/");
data/netrek-client-cow-3.3.2/cowmain.c:422:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf) - 1] = '\0'; /* strip the trailing '\n' */
data/netrek-client-cow-3.3.2/cowmain.c:437:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gateway = (char *) malloc(strlen(buf) + 1);
data/netrek-client-cow-3.3.2/cowmain.c:810:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(tstatw, 50, 27, textColor, buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/dashboard.c:204:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(tstatw, 386, 17, textColor, buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/death.c:105:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(warnw, 5, 5, W_Green, deathmessage, strlen(deathmessage),
data/netrek-client-cow-3.3.2/death.c:107:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
warncount = strlen(deathmessage);
data/netrek-client-cow-3.3.2/death.c:116:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(warnw, 5, 5, W_Green, deathmessage, strlen(deathmessage),
data/netrek-client-cow-3.3.2/death.c:118:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
warncount = strlen(deathmessage);
data/netrek-client-cow-3.3.2/death.c:212:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(messagew, 5, 5, W_Yellow, deathmessage, strlen(deathmessage),
data/netrek-client-cow-3.3.2/death.c:242:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(messagew, 5, 5, W_Yellow, deathmessage, strlen(deathmessage),
data/netrek-client-cow-3.3.2/defaults.c:133:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file[strlen(file) - 1] = 0;
data/netrek-client-cow-3.3.2/defaults.c:353:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((keycnt = strlen((char *) keys)) == MAX_KEY - 1)
data/netrek-client-cow-3.3.2/defaults.c:429:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stop = strlen(str1);
data/netrek-client-cow-3.3.2/defaults.c:430:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (stop > strlen(str2))
data/netrek-client-cow-3.3.2/defaults.c:432:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (stop < strlen(str2))
data/netrek-client-cow-3.3.2/defaults.c:460:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stop = strlen(str1);
data/netrek-client-cow-3.3.2/defaults.c:468:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (stop > strlen(str2))
data/netrek-client-cow-3.3.2/defaults.c:834:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strlen (found) > 0) && (accessible == 0) )\
data/netrek-client-cow-3.3.2/defaults.c:842:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strlen (found) > 0) && (accessible == 0) )\
data/netrek-client-cow-3.3.2/defaults.c:858:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(fname) > 0) && (accessible == 0))
data/netrek-client-cow-3.3.2/defaults.c:868:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(home);
data/netrek-client-cow-3.3.2/defaults.c:888:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(home);
data/netrek-client-cow-3.3.2/defwin.c:881:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(defWin, x, y, W_Yellow, d->name, strlen(d->name),
data/netrek-client-cow-3.3.2/defwin.c:885:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(defWin, x, y, textColor, d->desc, strlen(d->desc),
data/netrek-client-cow-3.3.2/defwin.c:887:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(d->desc) > max_desc)
data/netrek-client-cow-3.3.2/defwin.c:889:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_desc = strlen(d->desc);
data/netrek-client-cow-3.3.2/defwin.c:904:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(defWin, x, y, W_Green, val, strlen(val),
data/netrek-client-cow-3.3.2/defwin.c:916:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(defWin, x, y, W_Green, val, strlen(val),
data/netrek-client-cow-3.3.2/defwin.c:925:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(defWin, x, y, textColor, val, strlen(val),
data/netrek-client-cow-3.3.2/defwin.c:929:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(d->values[j].desc), W_RegularFont);
data/netrek-client-cow-3.3.2/defwin.c:936:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(defWin, x, y, W_Green, val, strlen(val),
data/netrek-client-cow-3.3.2/defwin.c:950:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(*((char **) d->variable)),
data/netrek-client-cow-3.3.2/distress.c:198:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, dist->preappend, MSG_LEN - len); /* false sense of * *
data/netrek-client-cow-3.3.2/dmessage.c:55:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(message);
data/netrek-client-cow-3.3.2/dmessage.c:265:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(string2);
data/netrek-client-cow-3.3.2/docwin.c:52:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(buf);
data/netrek-client-cow-3.3.2/docwin.c:61:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(buf);
data/netrek-client-cow-3.3.2/docwin.c:112:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(data->data), font);
data/netrek-client-cow-3.3.2/docwin.c:152:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line[strlen(line) - 1] == '\n')
data/netrek-client-cow-3.3.2/docwin.c:153:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line) - 1] = '\0';
data/netrek-client-cow-3.3.2/docwin.c:175:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(line); i++)
data/netrek-client-cow-3.3.2/docwin.c:179:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp->data = (char *) malloc(strlen(line) + 1);
data/netrek-client-cow-3.3.2/docwin.c:219:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(buf);
data/netrek-client-cow-3.3.2/docwin.c:224:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(buf);
data/netrek-client-cow-3.3.2/docwin.c:275:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(data->data), font);
data/netrek-client-cow-3.3.2/docwin.c:318:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line[strlen(line) - 1] == '\n')
data/netrek-client-cow-3.3.2/docwin.c:319:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line) - 1] = '\0';
data/netrek-client-cow-3.3.2/docwin.c:329:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(line); i++)
data/netrek-client-cow-3.3.2/docwin.c:333:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp->data = (char *) malloc(strlen(line) + 1);
data/netrek-client-cow-3.3.2/enter.c:112:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(tstatw, 50, 5, textColor, buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/enter.c:119:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(tstatw, 50, 27, textColor, buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/feature.c:140:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(toolsWin, 0, 0, textColor, buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/feature.c:244:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(toolsWin, 0, 0, textColor, buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/findslot.c:45:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return WQ_W / 6 - BM - strlen(s) * W_Textwidth / 2;
data/netrek-client-cow-3.3.2/findslot.c:54:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(w, 10, 10, textColor, buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/findslot.c:62:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(w, xc(s), 25, textColor, s, strlen(s), W_RegularFont);
data/netrek-client-cow-3.3.2/findslot.c:72:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(cw, xc(s1), 5, textColor, s1, strlen(s1), W_RegularFont);
data/netrek-client-cow-3.3.2/findslot.c:73:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(cw, xc(s2), 15, textColor, s2, strlen(s2), W_RegularFont);
data/netrek-client-cow-3.3.2/findslot.c:76:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(cw, xc(buf), 35, textColor, buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/findslot.c:89:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(w, xc(s1), 20, textColor, s1, strlen(s1), W_RegularFont);
data/netrek-client-cow-3.3.2/findslot.c:90:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(w, xc(s2), 30, textColor, s2, strlen(s2), W_RegularFont);
data/netrek-client-cow-3.3.2/getname.c:66:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(password);
data/netrek-client-cow-3.3.2/getname.c:67:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len > strlen(buf))
data/netrek-client-cow-3.3.2/getname.c:68:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/netrek-client-cow-3.3.2/getname.c:119:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"What is your name? : %s%s", strlen(n_buf) == 0 ? n_def : n_buf, pad);
data/netrek-client-cow-3.3.2/getname.c:207:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(w, X_L, 130, W_Red, err, strlen(err), W_BoldFont);
data/netrek-client-cow-3.3.2/getname.c:215:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strLen = strlen(str);
data/netrek-client-cow-3.3.2/helpwin.c:176:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
helpmessage, strlen(helpmessage), W_RegularFont);
data/netrek-client-cow-3.3.2/helpwin.c:206:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(helpmessage) < 6)
data/netrek-client-cow-3.3.2/inform.c:84:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, playerColor(j), buf, strlen(buf), shipFont(j));
data/netrek-client-cow-3.3.2/inform.c:86:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, playerColor(j), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:90:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, playerColor(j), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:93:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, playerColor(j), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:107:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/inform.c:121:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, playerColor(j), buf, strlen(buf), shipFont(j));
data/netrek-client-cow-3.3.2/inform.c:123:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, playerColor(j), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:126:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, playerColor(j), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:129:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, playerColor(j), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:135:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, playerColor(j), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:141:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, playerColor(j), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:160:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, playerColor(j), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:179:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, playerColor(j), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:189:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, playerColor(j), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:201:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, playerColor(j), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:226:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, planetColor(k), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:229:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, planetColor(k), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:240:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, planetColor(k), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:246:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, planetColor(k), buf, strlen(buf),
data/netrek-client-cow-3.3.2/inform.c:249:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(infow, W_Textwidth, W_Textheight * line++, planetColor(k), buf, strlen(buf),
data/netrek-client-cow-3.3.2/input.c:407:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)str) == 1)
data/netrek-client-cow-3.3.2/input.c:1652:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(defaultsFile) > 0)
data/netrek-client-cow-3.3.2/lagmeter.c:53:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
textColor, buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/macrowin.c:43:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) <= MAXMACRO)
data/netrek-client-cow-3.3.2/macrowin.c:54:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (end > strlen(temp))
data/netrek-client-cow-3.3.2/macrowin.c:93:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(maclines[0]), W_RegularFont);
data/netrek-client-cow-3.3.2/macrowin.c:102:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(maclines[c]), W_RegularFont);
data/netrek-client-cow-3.3.2/macrowin.c:124:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
macromessage, strlen(macromessage), W_RegularFont);
data/netrek-client-cow-3.3.2/macrowin.c:130:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
macromessage, strlen(macromessage), W_RegularFont);
data/netrek-client-cow-3.3.2/macrowin.c:209:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
macromessage, strlen(macromessage), W_RegularFont);
data/netrek-client-cow-3.3.2/map.c:467:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(gu_text, " ");
data/netrek-client-cow-3.3.2/map.c:508:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gu_length = strlen(gu_text);
data/netrek-client-cow-3.3.2/mkcflags.c:70:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (pigcall, "R");
data/netrek-client-cow-3.3.2/mkcflags.c:74:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (pigcall, "M");
data/netrek-client-cow-3.3.2/mkcflags.c:78:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (pigcall, "D");
data/netrek-client-cow-3.3.2/mkcflags.c:82:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (pigcall, "C");
data/netrek-client-cow-3.3.2/mkcflags.c:86:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (pigcall, "S");
data/netrek-client-cow-3.3.2/mkcflags.c:95:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (pigcall, "A");
data/netrek-client-cow-3.3.2/mkcflags.c:99:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (pigcall, "m");
data/netrek-client-cow-3.3.2/mkcflags.c:103:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (pigcall, "T");
data/netrek-client-cow-3.3.2/mkcflags.c:107:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (pigcall, "s");
data/netrek-client-cow-3.3.2/mkcflags.c:111:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (pigcall, "r");
data/netrek-client-cow-3.3.2/mkcflags.c:114:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (pigcall, "P");
data/netrek-client-cow-3.3.2/mkkey.c:380:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, l);
data/netrek-client-cow-3.3.2/mkkey.c:399:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(field);
data/netrek-client-cow-3.3.2/mkkey.c:401:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, s, l);
data/netrek-client-cow-3.3.2/netstatopt.c:65:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(netstatWin, 0, i, color, buf, strlen(buf), 0);
data/netrek-client-cow-3.3.2/netstatopt.c:113:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(cp);
data/netrek-client-cow-3.3.2/netstatopt.c:129:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(cp);
data/netrek-client-cow-3.3.2/newwin.c:1248:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 60)
data/netrek-client-cow-3.3.2/newwin.c:1273:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(text);
data/netrek-client-cow-3.3.2/newwin.c:1289:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(buf);
data/netrek-client-cow-3.3.2/newwin.c:1335:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(data->data), W_BoldFont);
data/netrek-client-cow-3.3.2/newwin.c:1340:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(data->data), W_RegularFont);
data/netrek-client-cow-3.3.2/newwin.c:1370:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(msg), W_RegularFont);
data/netrek-client-cow-3.3.2/newwin.c:1379:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(data->data) - 1, W_BoldFont);
data/netrek-client-cow-3.3.2/newwin.c:1382:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(data->data), W_RegularFont);
data/netrek-client-cow-3.3.2/newwin.c:1484:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(teams[teamNo]), W_RegularFont);
data/netrek-client-cow-3.3.2/newwin.c:1486:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_MaskText(win, 5, 46, shipCol[teamNo + 1], buf, strlen(buf),
data/netrek-client-cow-3.3.2/newwin.c:1494:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tx = W_WindowWidth(qwin) / 2 - W_Textwidth * strlen(msg) / 2;
data/netrek-client-cow-3.3.2/newwin.c:1534:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tx = cx - W_Textwidth * strlen(buf) / 2;
data/netrek-client-cow-3.3.2/newwin.c:1536:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(qwin, tx, ty, textColor, buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/newwin.c:1539:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tx = cx - W_Textwidth * strlen(cp) / 2;
data/netrek-client-cow-3.3.2/newwin.c:1541:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(qwin, tx, ty, textColor, cp, strlen(cp), W_RegularFont);
data/netrek-client-cow-3.3.2/option.c:522:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(optionWin, 0, op->op_num, textColor, buf, strlen(buf), 0);
data/netrek-client-cow-3.3.2/option.c:559:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(cp);
data/netrek-client-cow-3.3.2/option.c:569:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(cp);
data/netrek-client-cow-3.3.2/option.c:592:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(cp);
data/netrek-client-cow-3.3.2/parsemeta.c:39:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read(f,b,l) recv(f,b,l,0)
data/netrek-client-cow-3.3.2/parsemeta.c:182:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(line);
data/netrek-client-cow-3.3.2/parsemeta.c:258:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reqlen = strlen(req);
data/netrek-client-cow-3.3.2/parsemeta.c:457:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sp->address,host,LINE);
data/netrek-client-cow-3.3.2/parsemeta.c:501:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(sp->comment, "");
data/netrek-client-cow-3.3.2/parsemeta.c:530:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) > LINE) comment[LINE] = '\0';
data/netrek-client-cow-3.3.2/parsemeta.c:561:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sp->address, host, LINE);
data/netrek-client-cow-3.3.2/parsemeta.c:574:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sp->comment, comment, LINE);
data/netrek-client-cow-3.3.2/parsemeta.c:656:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cacheFileName);
data/netrek-client-cow-3.3.2/parsemeta.c:824:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sp->comment) > 0 ? sp->comment : sp->address);
data/netrek-client-cow-3.3.2/parsemeta.c:829:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf + strlen(buf), sp->players, "################");
data/netrek-client-cow-3.3.2/parsemeta.c:830:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf + strlen(buf), 17 - sp->players, " ");
data/netrek-client-cow-3.3.2/parsemeta.c:834:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf + strlen(buf), 16, "################ Q%2d", sp->players);
data/netrek-client-cow-3.3.2/parsemeta.c:837:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf + strlen(buf), 16, "%-16s", statusStrings[sp->status]);
data/netrek-client-cow-3.3.2/parsemeta.c:885:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf + strlen(buf), " %4d%s", age, units);
data/netrek-client-cow-3.3.2/parsemeta.c:952:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sp->address, add_buffer, LINE);
data/netrek-client-cow-3.3.2/parsemeta.c:961:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sp->comment, add_buffer, LINE);
data/netrek-client-cow-3.3.2/pingstats.c:127:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sliders[i].label_length = strlen(sliders[i].label);
data/netrek-client-cow-3.3.2/planetlist.c:37:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(planetw, 2, 1, textColor, buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/planetlist.c:55:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(planetw, 2, k++, planetColor(j), buf, strlen(buf),
data/netrek-client-cow-3.3.2/planetlist.c:62:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(planetw, 2, k++, unColor, buf, strlen(buf),
data/netrek-client-cow-3.3.2/playback.c:118:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(index_filename, recordFileName, FILENAME_MAX-4);
data/netrek-client-cow-3.3.2/playback.c:119:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(context_filename, recordFileName, FILENAME_MAX-4);
data/netrek-client-cow-3.3.2/playback.c:279:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(tstatw, 50, 27, textColor, buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/playback.c:385:25: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if (!pb_stepping) usleep(pbdelay);
data/netrek-client-cow-3.3.2/ranklist.c:80:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(rankw, 1, 1, col, buf, strlen(buf), W_BoldFont);
data/netrek-client-cow-3.3.2/ranklist.c:98:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(rankw, 1, i + 2, W_Cyan, buf, strlen(buf), W_BoldFont);
data/netrek-client-cow-3.3.2/ranklist.c:100:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(rankw, 1, i + 2, col, buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/ranklist.c:104:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(rankw, 1, i + 3, col, buf, strlen (buf), W_RegularFont);
data/netrek-client-cow-3.3.2/ranklist.c:106:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(rankw, 1, i + 4, col, buf, strlen (buf), W_RegularFont);
data/netrek-client-cow-3.3.2/ranklist.c:108:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(rankw, 1, i + 5, col, buf, strlen (buf), W_RegularFont);
data/netrek-client-cow-3.3.2/ranklist.c:110:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(rankw, 1, i + 6, col, buf, strlen (buf), W_RegularFont);
data/netrek-client-cow-3.3.2/ranklist.c:112:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(rankw, 1, i + 7, col, buf, strlen (buf), W_RegularFont);
data/netrek-client-cow-3.3.2/redraw.c:402:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(tstatw, 50, 5, textColor, buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/redraw.c:410:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(tstatw, 50, 27, textColor, buf, strlen(buf), W_RegularFont);
data/netrek-client-cow-3.3.2/short.c:920:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("Length of Message is: %zd total Size %d \n", strlen(&packet->mesg), (int) packet->length);
data/netrek-client-cow-3.3.2/short.c:1774:2: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(buf, "");
data/netrek-client-cow-3.3.2/smessage.c:42:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(outmessage);
data/netrek-client-cow-3.3.2/smessage.c:150:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(outmessage) < ADDRLEN)
data/netrek-client-cow-3.3.2/smessage.c:152:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(outmessage, " ");
data/netrek-client-cow-3.3.2/smessage.c:154:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(outmessage, "_");
data/netrek-client-cow-3.3.2/smessage.c:331:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lastMessage, str, 79);
data/netrek-client-cow-3.3.2/socket.c:63:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read(f,b,l) recv(f,b,l,0)
data/netrek-client-cow-3.3.2/socket.c:793:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
serverName = (char *) malloc(strlen(hp->h_name) + 1);
data/netrek-client-cow-3.3.2/socket.c:799:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
serverName = (char *) malloc(strlen(inet_ntoa(addr.sin_addr)) + 1);
data/netrek-client-cow-3.3.2/socket.c:920:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((n = read(s, buf, count)) <= 0)
data/netrek-client-cow-3.3.2/socket.c:1181:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
count = read(asock, buf, BUFSIZE);
data/netrek-client-cow-3.3.2/socket.c:1315:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
temp = read(asock, buf + count, 88);
data/netrek-client-cow-3.3.2/socket.c:1318:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
temp = read(asock, buf + count, size - (count + (buf - bufptr)));
data/netrek-client-cow-3.3.2/socket.c:1399:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
temp = read(asock, buf + BUFSIZ, BUFSIZ);
data/netrek-client-cow-3.3.2/socket.c:2082:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(login) > 15)
data/netrek-client-cow-3.3.2/socket.c:2374:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(mes);
data/netrek-client-cow-3.3.2/socket.c:2535:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pl->p_name, "");
data/netrek-client-cow-3.3.2/socket.c:2536:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pl->p_monitor, "");
data/netrek-client-cow-3.3.2/socket.c:2537:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pl->p_login, "");
data/netrek-client-cow-3.3.2/socket.c:2716:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pl->pl_namelen = strlen(packet->name);
data/netrek-client-cow-3.3.2/sound.c:713:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) read(spigot[0], &ss, sizeof(ss));
data/netrek-client-cow-3.3.2/sound.c:803:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(name = malloc(strlen(dirName)+strlen(fileName)+2)))
data/netrek-client-cow-3.3.2/sound.c:803:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(name = malloc(strlen(dirName)+strlen(fileName)+2)))
data/netrek-client-cow-3.3.2/sound.c:1091:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(sound_prefix, "/");
data/netrek-client-cow-3.3.2/sound.c:1268:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(soundWin, 0, 0, textColor, buf, strlen(buf), 0);
data/netrek-client-cow-3.3.2/sound.c:1374:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(soundWin, 0, i, textColor, buf, strlen(buf), 0);
data/netrek-client-cow-3.3.2/spopt.c:62:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(spWin, 0, i, textColor, buf, strlen(buf), 0);
data/netrek-client-cow-3.3.2/spopt.c:126:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(cp);
data/netrek-client-cow-3.3.2/spopt.c:142:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(cp);
data/netrek-client-cow-3.3.2/spopt.c:161:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(recv_threshold_s, "0");
data/netrek-client-cow-3.3.2/stats.c:94:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sliders[i].label_length = strlen(sliders[i].label);
data/netrek-client-cow-3.3.2/strdup.c:9:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
charptr = (char *) malloc (sizeof (char) * strlen (strptr) + 1);
data/netrek-client-cow-3.3.2/string_util.c:90:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(from), i;
data/netrek-client-cow-3.3.2/tools.c:41:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(toolsWin, 0, 0, textColor, str, strlen(str), W_RegularFont);
data/netrek-client-cow-3.3.2/tools.c:56:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pipebuf);
data/netrek-client-cow-3.3.2/tools.c:60:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pipebuf), W_RegularFont);
data/netrek-client-cow-3.3.2/tools.c:67:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(toolsWin, 0, 0, textColor, str, strlen(str), W_RegularFont);
data/netrek-client-cow-3.3.2/udpopt.c:149:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(udpWin, 0, i, textColor, buf, strlen(buf), 0);
data/netrek-client-cow-3.3.2/usleep.c:13:1: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(microSeconds)
data/netrek-client-cow-3.3.2/war.c:63:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(war, 0, menunum, rColor, buf, strlen(buf), 0);
data/netrek-client-cow-3.3.2/war.c:68:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(war, 0, menunum, yColor, buf, strlen(buf), 0);
data/netrek-client-cow-3.3.2/war.c:73:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(war, 0, menunum, gColor, buf, strlen(buf), 0);
data/netrek-client-cow-3.3.2/war.c:87:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(war, 0, 4, textColor, gos, strlen(gos), 0);
data/netrek-client-cow-3.3.2/war.c:88:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W_WriteText(war, 0, 5, textColor, exs, strlen(exs), 0);
data/netrek-client-cow-3.3.2/warning.c:31:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
warncount = strlen(text);
data/netrek-client-cow-3.3.2/wsl.c:52:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int flen = strlen (fname);
data/netrek-client-cow-3.3.2/x11sprite.c:215:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pixmapDir, pd, 1024);
data/netrek-client-cow-3.3.2/x11sprite.c:741:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = malloc(strlen(pixmapDir) + strlen(name) + 2);
data/netrek-client-cow-3.3.2/x11sprite.c:741:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = malloc(strlen(pixmapDir) + strlen(name) + 2);
data/netrek-client-cow-3.3.2/x11sprite.c:773:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = malloc(strlen(pixmapDir) + 4);
data/netrek-client-cow-3.3.2/x11sprite.c:823:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = malloc(strlen(pixmapDir) + strlen(name) + 2);
data/netrek-client-cow-3.3.2/x11sprite.c:823:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = malloc(strlen(pixmapDir) + strlen(name) + 2);
data/netrek-client-cow-3.3.2/x11window.c:1762:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len < 0) len = strlen(str);
data/netrek-client-cow-3.3.2/x11window.c:1783:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len < 0) len = strlen(str);
data/netrek-client-cow-3.3.2/x11window.c:1803:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len < 0) len = strlen(str);
data/netrek-client-cow-3.3.2/x11window.c:2460:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
items[n].string, strlen(items[n].string));
ANALYSIS SUMMARY:
Hits = 1000
Lines analyzed = 53094 in approximately 1.66 seconds (31992 lines/second)
Physical Source Lines of Code (SLOC) = 42828
Hits@level = [0] 815 [1] 236 [2] 536 [3] 31 [4] 196 [5] 1
Hits@level+ = [0+] 1815 [1+] 1000 [2+] 764 [3+] 228 [4+] 197 [5+] 1
Hits/KSLOC@level+ = [0+] 42.3788 [1+] 23.3492 [2+] 17.8388 [3+] 5.32362 [4+] 4.59979 [5+] 0.0233492
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.