Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/open-vm-tools-11.2.0/open-vm-tools/checkvm/checkvm.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/checkvm/checkvm_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/hgfsclient/hgfsclient.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/hgfsclient/hgfsclient_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/hgfsmounter/hgfsmounter.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/hgfsmounter/hgfsmounter_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/appUtil/appUtil.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/appUtil/appUtilX11.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncSocketBase.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncSocketBase.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncSocketInterface.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncSocketVTable.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/auth/authPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/backdoor/backdoor.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/backdoor/backdoorGcc32.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/backdoor/backdoorGcc64.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/backdoor/backdoorGcc64_arm64.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/backdoor/backdoorInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/dataMap/dataMap.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/dict/dictll.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/dynxdr/dynxdr.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/dynxdr/xdrutil.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/err/err.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/err/errInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/err/errPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/file/file.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileTemp.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileTempPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryMsg.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/vixTranslateErrOpenSource.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/glibUtils/fileLogger.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/glibUtils/stdLogger.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/glibUtils/sysLogger.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/guestApp/guestApp.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hashMap/hashMap.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpName.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpNameInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpNameLinux.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpNameLite.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpNameUtil.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpNameUtilInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpNameUtilLinux.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/hgfsEscape.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/hgfsUtil.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsBd/hgfsBd.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsHelper/hgfsHelperPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsCache.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsCacheStub.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsDirNotify.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsDirNotifyStub.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerOplock.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerOplock.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerOplockInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerOplockLinux.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerOplockMonitor.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerOplockMonitor.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerPacketUtil.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsThreadpool.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsThreadpoolStub.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServerManagerGuest/hgfsChannelGuest.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServerManagerGuest/hgfsChannelGuestBd.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServerManagerGuest/hgfsChannelGuestInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServerManagerGuest/hgfsServerManagerGuest.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServerPolicyGuest/hgfsServerPolicyGuest.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsUri/hgfsUriPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/impersonate/impersonate.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/impersonate/impersonateInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/impersonate/impersonatePosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/appUtil.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/asyncsocket.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/auth.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/backdoor.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/backdoor_def.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/backdoor_types.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/base64.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/buildNumber.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/capsProvider.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/circList.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/clamped.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/codeset.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/community_source.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/compat/compat_stdarg.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/conf.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/config.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/cpName.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/cpNameLite.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/cpNameUtil.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/cryptoError.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/dataMap.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/dbllnklst.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/debug.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/deployPkg/linuxDeployment.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/dictll.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/dynarray.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/dynbuf.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/dynxdr.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/embed_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/err.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/escBitvector.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/escape.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/file.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/fileIO.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/fileLock.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/file_extensions.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/ghIntegrationCommon.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/glibUtils.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/guestApp.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/guestInfo.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/guestStats.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/guest_msg_def.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/guest_os.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/guest_os_tables.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hashMap.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hashTable.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfs.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsBd.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsDevLinux.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsEscape.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsHelper.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsServer.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsServerManager.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsServerPolicy.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsUri.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsUtil.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsVirtualDir.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hostType.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hostinfo.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/imgcust-common/imgcust-api.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/imgcust-common/log.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/imgcust-common/process.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/impersonate.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/includeCheck.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/ioplGet.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/iovector.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/localconfig.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/log.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/logFixed.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/logToHost.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/loglevel_defs.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/loglevel_user.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/loglevel_userVars.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/memaligned.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/message.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/miscSolaris.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/mntinfo.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/msg.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/msgList.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/msgfmt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/msgid.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/msgid_defs.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/mul64.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/mutexRank.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/mutexRankLib.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/netutil.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/nicInfo.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/panic.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/poll.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/pollImpl.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/preference.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/procMgr.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/product.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/productState.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/random.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/removable_device.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/rpcin.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/rpcout.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/rpcvmx.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/rpcvmxext.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/sha1.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/sigPosixRegs.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/slashProc.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/sslDirect.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/str.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/strutil.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/su.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/syncDriver.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/syncDriverIoc.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/syncEvent.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/system.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/timeutil.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/unicode.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/unicodeBase.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/unicodeICU.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/unicodeOperations.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/unicodeTransforms.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/unicodeTypes.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/userlock.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/util.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/utilZero.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/uuid.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vix.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vixCommands.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vixOpenSource.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmGuestAppMonitorLib.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmGuestLib.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmSessionId.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_api.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_assert.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_atomic.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_atomic_arm64_begin.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_atomic_arm64_end.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_basic_asm.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_basic_asm_arm64.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_basic_asm_x86.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_basic_asm_x86_64.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_basic_asm_x86_common.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_basic_defs.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_basic_math.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_basic_types.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_compilation_options.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_ctype.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_device_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_legal.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_product.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_product_versions.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_tools_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_valgrind.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_vmx_type.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmblock.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmblock_user.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmcheck.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmci_defs.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmci_sockets.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmfs.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmk_exports.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmsignal.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmstdio.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmsupport.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmtoolsd_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/guestrpc/appInfo.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/guestrpc/capabilities.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/guestrpc/deploypkg.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/guestrpc/guestcust-events.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/guestrpc/powerops.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/guestrpc/serviceDiscovery.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/guestrpc/tclodefs.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/guestrpc/timesync.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/guestrpc/vmbackup.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/tools/desktopevents.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/tools/guestrpc.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/tools/i18n.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/tools/log.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/tools/plugin.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/tools/rpcdebug.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/tools/threadPool.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/tools/utils.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware/tools/vmbackup.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware_pack_begin.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware_pack_end.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmware_pack_init.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmxrpc.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vthreadBase.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/wiper.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/x86_basic_defs.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/x86cpuid.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/x86cpuid_asm.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/x86vendor.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/xdg.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/include/xdrutil.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/lock/ul.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/lock/ulBarrier.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/lock/ulCondVar.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/lock/ulExcl.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/lock/ulInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/lock/ulIntShared.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/lock/ulRW.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/lock/ulRec.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/lock/ulSema.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/lock/ulStats.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/message/message.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/base64.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codesetBase.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codesetOld.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codesetOld.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codesetUTF8.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/dynarray.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/dynbuf.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/escape.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hashTable.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostType.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfo.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoHV.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostname.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/idLinux.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/iovector.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/logFixed.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/machineID.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/miscSolaris.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixDlopen.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/prng.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/random.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/sha1.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/sleep.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/timeutil.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/utilMem.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/util_misc.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/vmstdio.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/vthreadBase.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/netUtil/netUtilLinux.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/compareNicInfo.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfo.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfoInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfoPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/util.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/panic/panic.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/panicDefault/panicDefault.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/poll/poll.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrSolaris.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/bdoorChannel.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/glib_stubs.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/rpcChannel.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/rpcChannelInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/simpleSocket.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/simpleSocket.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/vsockChannel.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcIn/rpcin.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcOut/rpcout.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcVmx/rpcvmx.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/slashProc/net.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/slashProc/slashProcNetInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/sslDirect/sslStubs.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/stubs/stub-config.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/stubs/stub-debug.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/stubs/stub-log.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/stubs/stub-msgfmt-fbsd.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/stubs/stub-panic.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/stubs/stub-user-msg.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/stubs/stub-user-panic.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/stubs/stub-user-util.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/stubs/stub-warning.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/syncDriver/nullDriver.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/syncDriver/syncDriverInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/syncDriver/syncDriverLinux.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/syncDriver/syncDriverPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/syncDriver/vmSyncDriver.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/system/systemLinux.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeCommon.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeICU.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleBase.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleCaseFolding.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleOperations.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleTransforms.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleTypes.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeStatic.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/user/util.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/user/utilBacktrace.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/vmCheck/vmcheck.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/vmSignal/vmsignal.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/wiper/wiperCommon.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/wiper/wiperPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/lib/xdg/xdg.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/deployPkgFormat.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/libDeployPkg_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeploymentUtilities.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeploymentUtilities.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/mspackConfig.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/mspackWrapper.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/mspackWrapper.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/processPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libappmonitor/stub-debug.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libappmonitor/vmGuestAppMonitorLib.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libappmonitor/vmGuestAppMonitorLibInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/libappmonitor/vmguestappmonitorlib_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/guestSDKLog.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmGuestLib.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmGuestLibInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmguestlib_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/libhgfs/hgfslib.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/i18n.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/monotonicTimer.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/signalSource.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/vmtools.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/vmtoolsConfig.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/vmtoolsInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/vmtoolsLog.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/vmtoolslib_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/vmxLogger.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/shared/compat_freebsd.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/shared/compat_mount.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/shared/compat_priv.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/shared/compat_vop.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmblock/os.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmblock/os_panic.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmblock/subr.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmblock/vfsops.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmblock/vmblock_k.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmblock/vnops.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmmemctl/kernelStubsBSD.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmmemctl/os.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmblock/block.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmblock/block.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmblock/stubs.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmmemctl/backdoor_balloon.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmmemctl/backdoor_balloon.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmmemctl/balloonInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmmemctl/balloon_def.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmmemctl/dbllnklst.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmmemctl/kernelStubs.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmmemctl/kernelStubsSal.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmmemctl/os.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmmemctl/vmballoon.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmmemctl/vmballoon.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmxnet/eth_public.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmxnet/net.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmxnet/net_sg.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmxnet/upt1_defs.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmxnet/vmnet_def.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmxnet/vmxnet2_def.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmxnet/vmxnet3_defs.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmxnet/vmxnet_def.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmblock/module.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmblock/module.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmblock/os.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmblock/vfsops.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmblock/vnops.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/debug.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/debug.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/filesystem.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/filesystem.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/hgfsBdGlue.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/hgfsBdGlue.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/hgfsSolaris.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/hgfsState.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/hgfsState.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/kernelStubs.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/kernelStubsSolaris.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/module.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/module.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/request.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/request.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmmemctl/kernelStubsSolaris.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmmemctl/os.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmmemctl/vmballoon_kstats.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmmemctl/vmballoon_kstats.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet/vmxnet.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet3/vmxnet3_main.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet3/vmxnet3_rx.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet3/vmxnet3_solaris.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet3/vmxnet3_solaris_compat.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet3/vmxnet3_tx.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet3/vmxnet3_utils.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/namespacetool/namespacetool.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/rpctool/rpctool.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/appInfo/appInfo.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/appInfo/appInfoInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/appInfo/appInfoPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/appInfo/appInfoUtil.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkg.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkgInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkgLog.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkgPlugin.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/desktopEvents/deFeatures.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/desktopEvents/desktopEvents.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/desktopEvents/desktopEventsInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/desktopEvents/reload.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/desktopEvents/sessionMgr.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/desktopEvents/x11Lock.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/desktopEvents/xioError.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompat.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompat.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteDnDX11.cpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteUIX11.cpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteUIX11.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dnd.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCPMsgV4.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCPMsgV4.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCPTransport.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndClipboard.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndClipboard.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndFileContentsUtil.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndLinux.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndMsg.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndMsg.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndXdg.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/rpcBase.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/rpcV3Util.hpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/copyPasteRpcV3.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/copyPasteRpcV4.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/dndCPTransportGuestRpc.cpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/dndCPTransportGuestRpc.hpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/dndRpcListener.hpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/dndRpcV4.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/fileTransferRpcV4.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/guestCopyPasteDest.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/guestCopyPasteMgr.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/guestCopyPasteSrc.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/rpcV3Util.cpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/rpcV4Util.cpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/rpcV4Util.hpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/vmGuestDnDCPMgr.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/vmGuestDnDMgr.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/vmGuestDnDSrc.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/vmGuestFileTransfer.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/copyPasteDnDImpl.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/copyPasteDnDWrapper.cpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/copyPasteDnDWrapper.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/copyPasteDnDX11.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/dndFileList.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/dndPluginInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/dndRpcV3.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/dndUIX11.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/dragDetWndX11.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/guestDnDCPMgr.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/guestDnDDest.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/guestDnDMgr.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/guestDnDSrc.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/guestFileTransfer.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndPluginIntX11.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndUIX11.cpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndcp.cpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dragDetWndX11.cpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/fakeMouseWayland/fakeMouseWayland.cpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/fakeMouseWayland/fakeMouseWayland.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/pointer.cpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/pointer.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/stringxx/string.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.cpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/xutils/xutils.cc
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfoPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/perfMonLinux.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/hgfsServer/hgfsPlugin.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/powerOps/powerOps.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionKMS/resolutionKMS.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/libvmwarectrl.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/libvmwarectrl.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionCommon.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionCommon.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionDL.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionDL.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionRandR12.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionRandR12.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionSet.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionX11.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/vmwarectrl.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/vmwarectrlproto.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscoveryInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscoveryPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/timeSync/pllLinux.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/timeSync/pllNone.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/timeSync/slewAdjtime.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/timeSync/slewLinux.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/timeSync/timeSync.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/timeSync/timeSync.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/timeSync/timeSyncPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/timeSync/timeSyncPosix.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/foundryToolsDaemon.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixPlugin.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixPluginInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixToolsEnvVars.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixToolsInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/nullProvider.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/scriptOps.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/stateMachine.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/syncDriverOps.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/syncManifest.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/syncManifest.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/vmBackupInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/cmdLine.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/mainLoop.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/mainPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/pluginMgr.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/serviceObj.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/serviceObj.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/threadPool.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsCoreInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsHangDetector.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsHangDetector.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsRpc.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/tests/testDebug/testDebug.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/tests/testPlugin/testPlugin.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/tests/testVmblock/manual-blocker.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/tests/testVmblock/vmblocktest.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/tests/vmrpcdbg/debugChannel.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/tests/vmrpcdbg/vmrpcdbg.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/tests/vmrpcdbg/vmrpcdbgInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolbox-cmd.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxCmdInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxcmd-config.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxcmd-devices.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxcmd-info.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxcmd-logging.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxcmd-scripts.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxcmd-shrink.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxcmd-stat.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxcmd-time.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxcmd_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/cli/main.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/VGAuthBasicDefs.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/VGAuthLog.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/VGAuthLog.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/VGAuthProto.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/VGAuthUtil.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/VGAuthUtil.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/audit.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/audit.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/createToken.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/i18n.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/i18n.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/prefs.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/prefs.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/s4u2self.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/serviceUser.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/usercheck.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/usercheck.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/vmxlog.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/vmxlog.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/VGAuthInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/alias.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/auth.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/authPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/comm.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/common.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/errortext.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/impersonate.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/impersonateLinux.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/netPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/proto.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/public/VGAuthAlias.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/public/VGAuthAuthentication.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/public/VGAuthCommon.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/public/VGAuthError.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/public/VGAuthIdProvider.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/fileLogger.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/gio.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/log.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/main.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/service.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/servicePosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/signalSource.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/vgauthService_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/alias.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/file.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/filePosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/netPosix.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/random.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/saml-xml-security-c.cpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/samlInt.hpp
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/service.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/serviceInt.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/ticket.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/verify.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vgauth/test/main.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/main.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/os.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/util.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmblockmounter/vmblockmounter.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmblockmounter/vmblockmounter_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/bdhandler.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/bdhandler.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/cache.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/cache.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/config.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/config.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/dir.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/file.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/file.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/filesystem.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/filesystem.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/fsutil.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/fsutil.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/link.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/linux/list.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/main.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/module.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/request.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/request.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/session.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/session.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/transport.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/transport.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/vmhgfs_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/main.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/wrapper-freebsd.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/wrapper-linux.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/wrapper-solaris.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/wrapper.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/wrapper_version.h
Examining data/open-vm-tools-11.2.0/open-vm-tools/xferlogs/xferlogs.c
Examining data/open-vm-tools-11.2.0/open-vm-tools/xferlogs/xferlogs_version.h
FINAL RESULTS:
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:2277:38: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if ((stat(oldPath, &st) == 0) && (chmod(newPath, st.st_mode) == -1)) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/glibUtils/fileLogger.c:331:14: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
(void) chmod(path, 0600);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:5199:14: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(fileName, mode) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:5205:13: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(fileName, permissions);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:674:21: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define Posix_Chmod chmod
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:675:21: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
#define Posix_Chown chown
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:279:11: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
size = readlink("/proc/self/exe", path, sizeof path - 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:278:10: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
ret = chmod(path, mode);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:724:10: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
ret = chown(path, owner, group);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:1476:24: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ssize_t len = readlink(path, linkPath, size);
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:401:19: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
exeLen = readlink(cmdFilePath, exeRealPath, sizeof exeRealPath -1);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkgLog.c:87:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
(void) chmod(logPath, 0600);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/filePosix.c:133:8: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(fileName, uid, gid) < 0) {
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/filePosix.c:178:8: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(dstFilename, uid, gid) < 0) {
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/filePosix.c:244:10: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
ret = chmod(fileName, mode);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/netPosix.c:184:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(conn->pipeName, mode) < 0) {
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/netPosix.c:198:11: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(conn->pipeName, uid, gid) < 0) {
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/wrapper-freebsd.c:86:19: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if ((execLen = readlink(tmpPath, execPath, execPathSize - 1)) == -1) {
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/wrapper-linux.c:93:19: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if ((execLen = readlink(tmpPath, execPath, execPathSize - 1)) == -1) {
data/open-vm-tools-11.2.0/open-vm-tools/hgfsmounter/hgfsmounter.c:126:37: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define LOG(format...) (beVerbose ? printf(format) : 0)
data/open-vm-tools-11.2.0/open-vm-tools/hgfsmounter/hgfsmounter.c:128:39: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define LOG(format, ...) (beVerbose ? printf(format, ##__VA_ARGS__) : 0)
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:57:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define strcpy(dst,src) Str_Strcpy((dst), (src), 0x7FFFFFFF)
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:58:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define strcat(dst,src) Str_Strcat((dst), (src), 0x7FFFFFFF)
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:67:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#undef strcpy
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:68:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#undef strcat
data/open-vm-tools-11.2.0/open-vm-tools/lib/auth/authPosix.c:532:15: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
namep = crypt(pass, pw);
data/open-vm-tools-11.2.0/open-vm-tools/lib/auth/authPosix.c:539:7: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt("glurp", pw);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/file.c:2491:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if ((sscanf(fileList[i], fmtString, &curNr, &bytesProcessed) >= 1) &&
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:262:28: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
FileIOResolveLockBits(int *access) // IN/OUT: FILEIO_OPEN_* bits
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:271:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((*access & FILEIO_OPEN_EXCLUSIVE_LOCK) != 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:272:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
*access &= ~FILEIO_OPEN_EXCLUSIVE_LOCK;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:273:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
*access |= FILEIO_OPEN_LOCK_MANDATORY;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:275:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((*access & FILEIO_OPEN_LOCK_BEST) != 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:277:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
*access &= ~FILEIO_OPEN_LOCK_BEST;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:279:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
*access |= FILEIO_OPEN_LOCK_MANDATORY;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:281:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
*access |= FILEIO_OPEN_LOCK_ADVISORY;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:286:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ASSERT(((*access & FILEIO_OPEN_LOCK_ADVISORY) == 0) ||
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:287:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
((*access & FILEIO_OPEN_LOCK_MANDATORY) == 0));
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:314:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access) // IN:
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:325:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
FileIOResolveLockBits(&access);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:326:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ASSERT((access & FILEIO_OPEN_LOCKED) == 0);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:329:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & FILEIO_OPEN_LOCK_MANDATORY) != 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:332:16: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
} else if ((access & FILEIO_OPEN_LOCK_ADVISORY) != 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIO.c:336:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
(access & FILEIO_OPEN_ACCESS_WRITE) == 0,
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:834:23: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access, // IN:
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:856:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
FileIOResolveLockBits(&access);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:857:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ASSERT((access & FILEIO_OPEN_LOCKED) == 0 &&
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:858:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
(access & FILEIO_OPEN_EXCLUSIVE_LOCK) == 0);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:860:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ASSERT((access & FILEIO_OPEN_LOCK_MANDATORY) == 0 ||
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:864:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & FILEIO_OPEN_EXCLUSIVE_LOCK_MACOS) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:869:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & FILEIO_OPEN_SWMR_LOCK) != 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:871:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
} else if ((access & FILEIO_OPEN_MULTIWRITER_LOCK) != 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:873:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
} else if ((access & FILEIO_OPEN_LOCK_MANDATORY) != 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:875:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
} else if ((access & FILEIO_OPEN_OPTIMISTIC_LOCK) != 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:892:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & FILEIO_OPEN_LOCK_ADVISORY) != 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:893:31: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ret = FileIO_Lock(file, access);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:899:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & (FILEIO_OPEN_ACCESS_READ | FILEIO_OPEN_ACCESS_WRITE)) ==
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:902:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
} else if (access & FILEIO_OPEN_ACCESS_WRITE) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:904:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
} else if (access & FILEIO_OPEN_ACCESS_READ) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:908:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & FILEIO_OPEN_EXCLUSIVE_READ &&
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:909:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access & FILEIO_OPEN_EXCLUSIVE_WRITE) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:913:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & FILEIO_OPEN_UNBUFFERED) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:917:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access &= ~FILEIO_OPEN_UNBUFFERED;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:923:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & FILEIO_OPEN_NONBLOCK) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:927:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & FILEIO_OPEN_APPEND) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:932:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & FILEIO_OPEN_ACCESS_NOFOLLOW) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:938:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & FILEIO_OPEN_SYNC) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:944:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & FILEIO_OPEN_ACCESS_NOFOLLOW) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:950:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & FILEIO_OPEN_CLOSE_ON_EXEC) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:957:18: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
file->flags = access;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:960:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & FILEIO_OPEN_PRIVILEGED) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:975:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & FILEIO_OPEN_PRIVILEGED) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:983:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & FILEIO_OPEN_PRIVILEGED) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:1001:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & (FILEIO_OPEN_UNBUFFERED | FILEIO_OPEN_SYNC)) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:1012:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!(access & FILEIO_OPEN_SYNC)) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:1026:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & FILEIO_OPEN_DELETE_ASAP) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:1083:24: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access, // IN:
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:1088:45: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return FileIOCreateRetry(file, pathName, access, action, mode,
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:1115:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access, // IN:
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:1119:45: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return FileIOCreateRetry(file, pathName, access, action, mode, 0);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:1146:22: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access, // IN:
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:1163:47: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
res = FileIOCreateRetry(file, pathName, access, action,
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:1179:45: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return FileIOCreateRetry(file, pathName, access, action,
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:1207:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access, // IN:
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:1210:44: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return FileIO_OpenRetry(file, pathName, access, action, 0);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileInt.h:113:33: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
void FileIOResolveLockBits(int *access);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileInt.h:256:23: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access,
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:302:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:330:4: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access |= FILEIO_OPEN_SHARE_DELETE;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:333:44: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
result = FileIOCreateRetry(&desc, path, access, FILEIO_OPEN, 0444,
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:1588:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:1600:4: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access |= FILEIO_OPEN_EXCLUSIVE_LOCK;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:1604:44: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
lockFile, access,
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:1669:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:1723:4: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access |= FILEIO_OPEN_SHARE_DELETE;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:1725:4: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access |= FILEIO_OPEN_ACCESS_NOFOLLOW;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:1730:53: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
result = FileIOCreateRetry(&desc, entryFilePath, access,
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:1928:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:1942:48: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
result = FileIOCreateRetry(&desc, lockFile, access, FILEIO_OPEN, 0644, 0);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1702:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(existPath, DEVFS_MOUNT_PATH "%[^/]%*s", devfsName) == 1) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1722:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(canPath, VCFS_MOUNT_PATH "%[^/]%*s", vmfsVolumeName) != 1) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:262:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (snprintf(nameBuffer, sizeof nameBuffer, PROC_SELF_FD "%d", fd) < 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/fileIO.h:334:32: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access,
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/fileIO.h:340:36: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access,
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/fileIO.h:347:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access,
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/fileIO.h:352:35: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access,
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/fileIO.h:465:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/fileIO.h:481:45: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
DWORD access,
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:672:22: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
#define Posix_Access access
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:678:21: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define Posix_Execl execl
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:679:22: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define Posix_Execlp execlp
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:680:21: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define Posix_Execv execv
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:682:22: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define Posix_Execvp execvp
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:684:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Posix_Fprintf fprintf
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:707:21: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define Posix_Popen popen
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:708:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Posix_Printf printf
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:717:22: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define Posix_System system
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_basic_defs.h:479:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_basic_defs.h:479:19: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostType.c:128:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access("/etc/vmware/hostd/mockupEsxHost.txt", 0) != -1) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:320:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(u.release, "%d.%d.%d%s",
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:1428:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(tmpDistroPos, values[i].scanString, distroPart);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3239:8: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execv(pathLocalEncoding, argsLocalEncoding) == -1) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:469:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ret = access(path, mode);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:472:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ret = access(path, mode);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:650:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
stream = popen(path, mode);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:1028:10: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = execv(path, argv);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:1105:10: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = execvp(file, argv);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:1147:10: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = execv(path, argv);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:1237:10: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = execvp(file, argv);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:1332:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(tmpcommand);
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfoPosix.c:996:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(file, R_OK) != -1) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:1550:10: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(shellPath, args);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:53:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:73:12: [4] (format) vswprintf:
Potential format string problem (CWE-134). Make format string constant.
extern int vswprintf(wchar_t *wcs, size_t maxlen, const wchar_t *format, va_list args);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:130:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
retval = vsnprintf(str, size, format, ap);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:825:13: [4] (format) vswprintf:
Potential format string problem (CWE-134). Make format string constant.
retval = vswprintf(str, size, format, ap);
data/open-vm-tools-11.2.0/open-vm-tools/lib/system/systemLinux.c:328:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(cmd) == -1) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/xdg/xdg.c:82:23: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE *cmdPipe = popen(xdgDetectDEExec, "r");
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:310:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (msg, CABCOMMANDLOG);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:321:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (msg, CABCOMMANDLOG);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:513:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data, token);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:857:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, dir);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1193:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(cfgFullPath, R_OK) != 0) {
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1240:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cleanupCommand, CLEANUPCMD);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1312:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(imcDirPath, baseDirPath);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1688:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (arg, l->data);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/mspackWrapper.c:81:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fmtstr, args);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/mspackWrapper.c:181:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, file->filename);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/processPosix.c:190:7: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(p->args[0], p->args);
data/open-vm-tools-11.2.0/open-vm-tools/libappmonitor/stub-debug.c:37:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/open-vm-tools-11.2.0/open-vm-tools/libappmonitor/stub-debug.c:50:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/open-vm-tools-11.2.0/open-vm-tools/libappmonitor/stub-debug.c:63:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/guestSDKLog.c:53:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/guestSDKLog.c:82:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/guestSDKLog.c:111:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/vmtoolsLog.c:284:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(cwd, W_OK) == -1) {
data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmblock/os_panic.c:63:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message, sizeof message - 1, fmt, args);
data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmblock/vmblock_k.h:65:48: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define VMBLOCKFSDEBUG(format, args...) printf(format ,## args)
data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmblock/vmblock_k.h:83:41: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define LOG(level, fmt, args...) printf(fmt, ##args)
data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmmemctl/kernelStubsBSD.c:62:4: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmmemctl/kernelStubsBSD.c:89:4: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmmemctl/kernelStubsBSD.c:154:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
retval = vsnprintf(str, size, format, arguments);
data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmmemctl/os.c:745:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BALLOON_NAME_VERBOSE " initialized\n");
data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmmemctl/os.c:789:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BALLOON_NAME_VERBOSE " unloaded\n");
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/debug.c:444:7: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buffer, fmt, args);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/kernelStubsSolaris.c:127:17: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int retval = vsnprintf(str, size, format, arguments);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmmemctl/kernelStubsSolaris.c:127:17: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int retval = vsnprintf(str, size, format, arguments);
data/open-vm-tools-11.2.0/open-vm-tools/rpctool/rpctool.c:96:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, NOT_VMWARE_ERROR);
data/open-vm-tools-11.2.0/open-vm-tools/rpctool/rpctool.c:179:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, NOT_VMWARE_ERROR);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkgLog.c:190:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(_file, fmtstr, args);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/desktopEvents/reload.c:78:4: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(VMUSER_TITLE, VMUSER_TITLE, NULL);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/fakeMouseWayland/fakeMouseWayland.cpp:109:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(dev.name, UINPUT_MAX_NAME_SIZE, UINPUT_DND_POINTER_NAME);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/perfMonLinux.c:232:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return (access(path, F_OK) == 0);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionRandR12.c:134:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(_ofile, "Debug: " __VA_ARGS__); \
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionRandR12.c:137:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(_ofile, "Warning: " __VA_ARGS__); \
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionRandR12.c:288:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(output->name, RR12_OUTPUT_FORMAT, &num) != 1) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionRandR12.c:692:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(modeInfo->name, RR12_MODE_FORMAT, &w, &h) == 2) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionRandR12.c:731:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(name, sizeof name, RR12_MODE_FORMAT, width, height);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionRandR12.c:842:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(modeInfo->name, RR12_MODE_FORMAT, &w, &h) != 2) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionX11.c:394:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(xrrOutput->name, RR12_OUTPUT_FORMAT, &num) != 1 ||
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/syncManifest.c:156:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ret = fprintf(f, syncManifestFmt, TOOLS_VERSION_CURRENT,
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsRpc.c:152:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(cmdGrepVmusrTools) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsRpc.c:240:23: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
is_osp = (access("/usr/lib/vmware-tools/dsp", F_OK) == 0);
data/open-vm-tools-11.2.0/open-vm-tools/tests/testVmblock/vmblocktest.c:61:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(__VA_ARGS__); \
data/open-vm-tools-11.2.0/open-vm-tools/tests/testVmblock/vmblocktest.c:69:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stream, __VA_ARGS__); \
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/authPosix.c:348:18: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt_pw = crypt(password, passwd);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/authPosix.c:355:7: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt("glurp", passwd);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/servicePosix.c:520:8: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execv(path, args) == -1) {
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c:90:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msgStr, sizeof msgStr, msg, argPtr);
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/os.h:62:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args); \
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/os.h:143:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, "DEBUG: " fmt, ## args) : \
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/os.h:150:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, "WARNING: " fmt, ## args)
data/open-vm-tools-11.2.0/open-vm-tools/vmblockmounter/vmblockmounter.c:54:39: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define LOG(format, ...) (beVerbose ? printf(format, ##__VA_ARGS__) : 0)
data/open-vm-tools-11.2.0/open-vm-tools/vmblockmounter/vmblockmounter.c:201:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(mountPoint, X_OK) < 0) {
data/open-vm-tools-11.2.0/open-vm-tools/vmblockmounter/vmblockmounter.c:218:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(sourceDir, X_OK) < 0) {
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/config.c:110:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/config.c:164:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
accessResult = access(FUSER_MOUNT_BIN, F_OK);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/config.c:166:22: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
accessResult = access(FUSER_MOUNT_USR_BIN, F_OK);
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/main.c:323:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(execPath, VMTOOLSD_PATH);
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/wrapper.h:37:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Error(fmt, args...) fprintf(stderr, "%s: " fmt, progname, ##args);
data/open-vm-tools-11.2.0/open-vm-tools/checkvm/checkvm.c:105:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "rph")) != EOF) {
data/open-vm-tools-11.2.0/open-vm-tools/hgfsmounter/hgfsmounter.c:1063:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "hno:vV")) != -1) {
data/open-vm-tools-11.2.0/open-vm-tools/hgfsmounter/hgfsmounter.c:1126:16: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
} else if (!realpath(mountPoint, canonicalizedPath)) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:686:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#define Posix_Getenv getenv
data/open-vm-tools-11.2.0/open-vm-tools/lib/lock/ulInt.h:152:4: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&lock->nativeLock);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codesetOld.c:760:33: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *gFilenameEncoding = getenv("G_FILENAME_ENCODING");
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codesetOld.c:782:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("G_BROKEN_FILENAMES")) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/machineID.c:144:16: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
dllHandle = LoadLibrary(TEXT("icmp.dll"));
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/machineID.c:154:16: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
dllHandle = LoadLibrary(TEXT("IpHlpApi.dll"));
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:1440:8: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
p = realpath(path, rpath);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:1599:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
rawValue = getenv(rawName);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:1711:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (overWrite || !getenv(rawName)) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfoPosix.c:993:8: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath("/etc/resolv.conf", resolvConf) != NULL) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/user/util.c:697:10: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
ret = getopt_long(argc, argv, shortOptString, longOpts, NULL);
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/vmtoolsLog.c:289:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *home = getenv("HOME");
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/appInfo/appInfo.c:680:21: [3] (random) g_rand_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
interval = g_rand_int_range(gRand,
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkgPlugin.c:63:4: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dragDetWndX11.cpp:47:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *xdgSessionType = getenv("XDG_SESSION_TYPE");
data/open-vm-tools-11.2.0/open-vm-tools/tests/testVmblock/vmblocktest.c:623:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return random() % max;
data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolbox-cmd.c:492:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, options, long_options, &option_index);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/i18n.c:473:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *envLocale = getenv("LANG");
data/open-vm-tools-11.2.0/open-vm-tools/vmblockmounter/vmblockmounter.c:150:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "hvV")) != -1) {
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/main.c:208:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
xdgSessionType = getenv("XDG_SESSION_TYPE");
data/open-vm-tools-11.2.0/open-vm-tools/hgfsclient/hgfsclient.c:260:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char escapedName[PATH_MAX + 1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/appUtil/appUtilX11.c:744:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:690:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outAddr, &addr, Min(*outAddrLen, addrLen));
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:734:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrBuf[NI_MAXHOST];
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:827:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrBuf[NI_MAXHOST];
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:2256:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(asock->remoteAddr), addr, addrLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:3448:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portString[PORT_STRING_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:3478:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempAddrString[ADDR_STRING_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:3510:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, aiIterator->ai_addr, aiIterator->ai_addrlen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:3753:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[CMSG_SPACE(sizeof passFd)];
data/open-vm-tools-11.2.0/open-vm-tools/lib/dataMap/dataMap.c:490:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*buf, str, strLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/dataMap/dataMap.c:538:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*str, *buf, *strLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/dataMap/dataMap.c:875:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clientData->buffer, str, copyLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/dataMap/dataMap.c:1108:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexStr[3];
data/open-vm-tools-11.2.0/open-vm-tools/lib/dataMap/dataMap.c:1534:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newLens, lenPtr, listSize * sizeof(int32));
data/open-vm-tools-11.2.0/open-vm-tools/lib/dataMap/dataMap.c:1538:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
newList[i] = (char *)malloc(newLens[i]);
data/open-vm-tools-11.2.0/open-vm-tools/lib/dataMap/dataMap.c:1543:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newList[i], oldList[i], newLens[i]);
data/open-vm-tools-11.2.0/open-vm-tools/lib/dataMap/dataMap.c:1601:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, entry->value.string.str, entry->value.string.length);
data/open-vm-tools-11.2.0/open-vm-tools/lib/dict/dictll.c:50:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufOut, bufIn, sizeIn);
data/open-vm-tools-11.2.0/open-vm-tools/lib/dict/dictll.c:520:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof UTF8_BOM - 1] = { 0 };
data/open-vm-tools-11.2.0/open-vm-tools/lib/dynxdr/xdrutil.c:63:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ret = &((char *)newarray)[*arrayLen * elemSz];
data/open-vm-tools-11.2.0/open-vm-tools/lib/err/err.c:173:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/file.c:550:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char encodedMachineID[16 + 1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/file.c:551:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rawMachineID[sizeof hashValue + sizeof hardwareID];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/file.c:556:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rawMachineID, &hashValue, sizeof hashValue);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/file.c:557:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rawMachineID[sizeof hashValue], &hardwareID,
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/file.c:914:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8 * 1024];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/file.c:1227:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Msg_Append(MSGID(File.Copy.open.failure)
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:480:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmsgBuf[CMSG_SPACE(sizeof send_fd)];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:2840:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curRel[32];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPosix.c:212:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[64];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPosix.c:213:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPosix.c:227:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[22];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:259:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*((char **) table[i].valuePtr) = &p[1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:307:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[FL_MAX_ARGS];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:758:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[FILELOCK_DATA_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:1462:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[FILELOCK_DATA_SIZE] = { 0 };
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1688:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vmfsVolumeName[FILE_MAXPATH];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1700:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devfsName[FILE_MAXPATH];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1912:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canPath[FILE_MAXPATH];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1913:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canPath2[FILE_MAXPATH];
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:247:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vol, pathName, volLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:269:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dir, volEnd, dirLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:584:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newPath, newPrefix, newPrefixLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:585:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newPath + newPrefixLen, oldPath + oldPrefixLen,
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:714:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, pathName, pathNameLen + 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:757:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(place, newExtension, newExtLen + 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryMsg.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char PlainToObfuscatedCharMap[256];
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryMsg.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ObfuscatedToPlainCharMap[256];
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryMsg.c:541:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(responseBuffer + sizeof(VixCommandResponseHeader),
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryMsg.c:1674:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, serializedBufferBody, serializedBufferLength);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:331:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(serializeBuffer[pos]), &(property->propertyID), propertyIDSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:333:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(serializeBuffer[pos]), &(property->type), propertyTypeSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:340:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(serializeBuffer[pos]), &valueLength, propertyValueLengthSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:342:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(serializeBuffer[pos]), &(property->value.intValue), valueLength);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:348:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(serializeBuffer[pos]), &valueLength, propertyValueLengthSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:356:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(serializeBuffer[pos]), &valueLength, propertyValueLengthSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:358:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(serializeBuffer[pos]), &(property->value.boolValue), valueLength);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:364:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(serializeBuffer[pos]), &valueLength, propertyValueLengthSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:366:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(serializeBuffer[pos]), &(property->value.int64Value), valueLength);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:373:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(serializeBuffer[pos]), &valueLength, propertyValueLengthSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:375:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(serializeBuffer[pos]),
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:676:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(property->value.blobValue.blobContents, blobPtr, *lengthPtr);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:1458:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*resultValue,
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:1503:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(property->value.blobValue.blobContents, value, blobSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/glibUtils/fileLogger.c:113:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buffer[256] = { 0 };
data/open-vm-tools-11.2.0/open-vm-tools/lib/hashMap/hashMap.c:399:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tableKey, key, map->keySize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hashMap/hashMap.c:403:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tableData, data, map->dataSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hashMap/hashMap.c:957:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newKey, oldKey, map->keySize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hashMap/hashMap.c:958:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newData, oldData, map->dataSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpName.c:263:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, in, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpName.c:312:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char out[128];
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpNameLinux.c:142:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, *bufIn, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpNameUtil.c:126:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufOut, HGFS_SERVER_POLICY_ROOT_SHARE_NAME, shareNameSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpNameUtil.c:204:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fullName, partialName, partialNameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpNameUtil.c:206:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fullName + partialNameLen, partialNameSuffix, partialNameSuffixLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpNameUtil.c:214:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fullName + partialNameLen + partialNameSuffixLen + 1, nameIn + 2, nameLen - 2);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpNameUtil.c:217:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fullName + partialNameLen + partialNameSuffixLen, nameIn, nameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpNameUtilLinux.c:160:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newData + origNewDataLen, convertedName, convertedNameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpNameUtilLinux.c:180:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*cpConvertedName, cpNameToConvert, cpNameToConvertLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/hgfsEscape.c:50:29: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memmove(s1,s2,n) bcopy(s2,s1,n)
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/hgfsEscape.c:189:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(escapeContext->outputBuffer + escapeContext->outputOffset,
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsBd/hgfsBd.c:273:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bdPacket, HGFS_SYNC_REQREP_CLIENT_CMD, HGFS_SYNC_REQREP_CLIENT_CMD_LEN);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:1002:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, existingFileNode->utf8Name, nameSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:1055:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, existingFileNode->utf8Name, nameSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:1111:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy->utf8Name, original->utf8Name, copy->utf8NameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:1778:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newNode->shareName, shareName, shareNameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:1789:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newNode->utf8Name, openInfo->utf8Name, newNode->utf8NameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:1799:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rootDir, openInfo->shareInfo.rootDir, newNode->shareInfo.rootDirLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:2294:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy->utf8Dir, original->utf8Dir, copy->utf8DirLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:2302:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy->utf8ShareName, original->utf8ShareName, copy->utf8ShareNameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:2732:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newBuffer, newLocalName, newBufferLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:5378:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *name = (const char *)keys[keyIdx];
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:5687:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempBuf[HGFS_PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:5803:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, tempBuf, prefixLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:5817:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, shareInfo->rootDir, shareInfo->rootDirLen + 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:5852:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &tempBuf[startIndex], pathNameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:7279:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char localTargetName[HGFS_PACKET_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:7324:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTargetName, trgFileName, trgFileNameLength);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:8194:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempBuf[HGFS_PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:9529:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(currentPosition, HGFS_PARENT_DIR, HGFS_PARENT_DIR_LEN);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:9533:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(currentPosition, relativeTarget, strlen(relativeTarget) + sizeof '\0');
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:9655:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempName[20];
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:9690:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempName[20];
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:94:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_name[256];
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:103:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_name[1024];
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:147:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_name[NAME_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:168:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dirp[i].d_name, dirp_temp[i].d_name,
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:210:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dirp->d_name, dirEntry->d_name, dirEntry->d_namlen + 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:258:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameBuffer[sizeof PROC_SELF_FD + STRLEN_OF_MAXINT_AS_STRING];
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:278:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char finderInfo[32];
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:2129:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2];
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:3436:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, entryName, entryNameLen + 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:3539:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dent->d_name, originalDent->d_name, nameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:3600:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fullName, search->utf8Dir, search->utf8DirLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:3602:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fullName[search->utf8DirLen + 1], dirEntry->d_name, length + 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:3788:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8192];
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:3868:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(myDents[myNumDents], newDent, newDent->d_reclen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:4053:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(currentEntry->d_name, currentEntryName, currentEntryNameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerPacketUtil.c:707:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iov[iovIndex].va, (char *)buf + copiedAmount, copyAmount);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerPacketUtil.c:749:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)buf + copiedAmount, iov[iovIndex].va, copyAmount);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.c:2499:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reply->symlinkTarget.name, utf8TargetName, utf8TargetNameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.c:2538:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reply->symlinkTarget.name, utf8TargetName, utf8TargetNameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.c:2860:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(replyCurrentEntry->shortName.name,
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.c:2866:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(replyCurrentEntry->fileName.name, entry->name, entry->nameLength);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.c:2937:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(replyDirent->fileName.name, utf8Name, utf8NameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.c:2997:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reply->fileName.name, utf8Name, utf8NameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.c:3056:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reply->fileName.name, utf8Name, utf8NameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.c:5341:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reply->capabilities, session->hgfsSessionCapabilities, capabilitiesLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.c:5407:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(capabilities, hgfsDefaultCapabilityTable, sizeof hgfsDefaultCapabilityTable);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.c:6010:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fileName->name, cpName, cpNameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServerManagerGuest/hgfsChannelGuestBd.c:51:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char packetOut[HGFS_LARGE_PACKET_MAX]; /* For RPC msg callbacks. */
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServerPolicyGuest/hgfsServerPolicyGuest.c:305:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempName, nameIn, nameInLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/impersonate/impersonatePosix.c:215:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/lib/impersonate/impersonatePosix.c:257:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/lib/impersonate/impersonatePosix.c:431:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/codeset.h:453:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (!CodeSet_Utf16leToUtf8((const char *) strW, len * sizeof strW[0],
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/compat/compat_stdarg.h:63:33: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define va_copy(ap1, ap2) memcpy(ap1, ap2, sizeof(va_list))
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/guestInfo.h:88:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char macAddress[MAC_ADDR_SIZE]; // In the format "12-23-34-45-56-67"
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/guestInfo.h:89:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipAddress[MAX_IPS][IP_ADDR_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/guestInfo.h:102:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PARTITION_NAME_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/guestStats.h:132:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[0]; // data - if dataSize is not zero.
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsDevLinux.h:90:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shareNameHost[MAXPATHLEN]; // must be ".host"
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsDevLinux.h:91:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shareNameDir[MAXPATHLEN]; // desired share name for mounting
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsDevLinux.h:124:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shareNameHost[MAXPATHLEN]; // must be ".host"
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsDevLinux.h:125:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shareNameDir[MAXPATHLEN]; // desired share name for mounting
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:603:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:617:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[12 * 4]; /* UTF8 max char size is 4 bytes. */
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:646:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:825:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char payload[1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:852:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char payload[1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:868:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char payload[1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:898:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char payload[1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:931:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char payload[1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:1122:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char payload[1]; /* Directory entries. */
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:2026:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eaNames[1]; /* List of NULL terminated EA names.
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:2044:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eaData[1]; /* NULL termianed EA name followed by EA value. */
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:2055:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1]; /* NULL terminated EA name followed by EA value. */
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:2295:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:2304:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:2384:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acl[1]; /* Multi-platform ACL as defined in RFC 3530. */
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsProto.h:2661:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acl[1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hgfsServer.h:37:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clientStorage[HGFS_VMX_IOV_CONTEXT_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hostinfo.h:63:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shortName[MAX_OS_NAME_LEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/hostinfo.h:64:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullName[MAX_OS_FULLNAME_LEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/memaligned.h:380:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbuf, buf, size);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/mntinfo.h:141:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thisMnt, \
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:240:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:275:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newhostent->h_addr_list[i], phe->h_addr_list[i], phe->h_length);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:537:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*pres)->ai_addr, cur->ai_addr, (*pres)->ai_addrlen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:683:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define Posix_Fopen fopen
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/posix.h:703:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define Posix_Open open
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/removable_device.h:28:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[REMOVABLE_DEVICE_PRETTY_NAME_LENGTH];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/sha1.h:113:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/sha1.h:120:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void SHA1Final(unsigned char digest[SHA1_HASH_LEN], SHA1_CTX* context);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/sha1.h:161:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[SHA1_HASH_LEN]);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/sha1.h:163:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[SHA1_HASH_LEN]);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/util.h:411:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(dst, src, nbytes);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/uuid.h:150:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *UUID_ConvertToText(const uint8 id[UUID_SIZE]);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vixCommands.h:442:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pvnGUID[64];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vixCommands.h:1266:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char junk[2053];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_assert.h:329:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
UNUSED_TYPE(typedef char AssertOnCompileFailed[AssertOnCompileMisused]); \
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_atomic.h:3546:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
UNUSED_TYPE(typedef char AssertOnCompileFailed[AssertOnCompileMisused]);\
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmblock_user.h:85:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmblock_user.h:95:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + 1, path, pathLength);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmblock_user.h:137:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tpath[MAXPATHLEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmci_sockets.h:431:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa_data[14];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmci_sockets.h:467:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char svm_zero[sizeof(struct sockaddr) -
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmci_sockets.h:482:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char u2c_uuid_string[128];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmci_sockets.h:627:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmci_sockets.h:629:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmci_sockets.h:716:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmci_sockets.h:718:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmci_sockets.h:849:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmci_sockets.h:851:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmci_sockets.h:902:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmci_sockets.h:904:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/wiper.h:63:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mountPoint[NATIVE_MAX_PATH];
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/xdrutil.h:124:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(__opaque_temp.val, (src), (srcSize)); \
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/xdrutil.h:125:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &__opaque_temp, sizeof __opaque_temp); \
data/open-vm-tools-11.2.0/open-vm-tools/lib/lock/ulStats.c:368:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binEntry[32];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/base64.c:80:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const signed char base64Reverse[256] = {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/base64.c:267:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[999];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/base64.c:313:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char random_in[8000];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/base64.c:314:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char random_out[16000];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/base64.c:677:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outBuf, theData, theDataSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:249:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:768:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(myBufOut, bufIn, sizeIn);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codesetOld.c:143:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(myBufOut, bufIn, sizeIn);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codesetOld.c:346:19: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
result = MultiByteToWideChar(codeIn, flags, bufIn, sizeIn,
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codesetOld.c:727:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ret[20]; // max is "windows-4294967296"
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codesetOld.c:1810:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufIn_dup, bufIn, sizeIn);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codesetOld.c:2106:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/dynbuf.c:422:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->data + b->size, data, size);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/dynbuf.c:523:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->data, src->data, src->size);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/escape.c:121:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char escSeq[2];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/escape.c:330:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufOut, result, strLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfo.c:51:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostinfoCachedOSName[MAX_OS_NAME_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfo.c:52:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostinfoCachedOSFullName[MAX_OS_FULLNAME_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfo.c:53:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostinfoCachedDetailedData[MAX_DETAILED_STRING_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfo.c:92:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[64];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoInt.h:38:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MAX_DETAILED_FIELD_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoInt.h:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char hostinfoCachedOSName[MAX_OS_NAME_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoInt.h:62:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char hostinfoCachedOSFullName[MAX_OS_FULLNAME_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoInt.h:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char hostinfoCachedDetailedData[MAX_DETAILED_STRING_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:470:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SYSTEM_BITNESS_MAXLEN] = { '\0', };
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:591:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char escapedString[2 * MAX_DETAILED_FIELD_LEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:592:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fieldString[MAX_DETAILED_FIELD_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:662:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char osName[MAX_OS_NAME_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:663:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char osNameFull[MAX_OS_FULLNAME_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:760:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char osName[MAX_OS_NAME_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:761:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char osNameFull[MAX_OS_FULLNAME_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:1422:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char distroPart[DISTRO_BUF_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:1798:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char generic[128];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:2000:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char distro[DISTRO_BUF_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:2001:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char distroShort[DISTRO_BUF_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:2002:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char osName[MAX_OS_NAME_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:2003:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char osNameFull[MAX_OS_FULLNAME_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:2051:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char distroShort[DISTRO_BUF_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:2052:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char osName[MAX_OS_NAME_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:2053:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char osNameFull[MAX_OS_FULLNAME_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:2138:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char osName[MAX_OS_NAME_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:2139:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char osNameFull[MAX_OS_FULLNAME_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:2140:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char solarisRelease[3] = "";
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:2440:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:2757:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3013:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempFds, keepFds, sizeof tempFds[0] * numKeepFds);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3162:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(_PATH_DEVNULL, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3168:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(_PATH_DEVNULL, O_WRONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3178:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidString[32];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3515:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mName[64] = { 0 };
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3757:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3782:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/proc/uptime", O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3815:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/proc/uptime", O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3919:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3987:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _f[20 - 2 * sizeof(long) - sizeof(int)];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostname.c:72:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostName[1024] = { '\0' };
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostname.c:208:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/iovector.c:705:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *base = (char *)(entries[i].iov_base) + entryOffset;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/iovector.c:764:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *base = (char *)(entries[i].iov_base) + entryOffset;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/machineID.c:230:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[8];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/machineID.c:278:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/machineID.c:342:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hardwareID, LLADDR((struct sockaddr_dl *)p->ifa_addr), ETHER_ADDR_LEN);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/miscSolaris.c:75:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!noclose && (fd = open("/dev/null", O_RDWR, 0)) != -1) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:144:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, flags, mode);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:206:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream = fopen(path, mode);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:1433:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rpath[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:1741:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keyStr, rawName, rawNameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:1742:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fullStr, rawName, rawNameLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:1744:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fullStr + rawNameLen, rawValue, rawValueLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:2083:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
m->mnt_fsname = memcpy(buf + n, fsname, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:2093:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
m->mnt_dir = memcpy(buf + n, dir, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:2103:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
m->mnt_type = memcpy(buf + n, type, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:2113:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
m->mnt_opts = memcpy(buf + n, opts, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:2303:9: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(path);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:307:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dest, src, needLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:567:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*newGrMem, orig->gr_mem[i], flen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:817:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
pw->pw_name = memcpy(buf + n, pwname, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:827:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
pw->pw_passwd = memcpy(buf + n, passwd, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:837:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
pw->pw_gecos = memcpy(buf + n, gecos, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:847:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
pw->pw_dir = memcpy(buf + n, dir, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:857:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
pw->pw_shell = memcpy(buf + n, shell, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:1105:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
gr->gr_name = memcpy(buf + n, grname, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:1115:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
gr->gr_passwd = memcpy(buf + n, grpasswd, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:1126:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
gr->gr_mem[i] = memcpy(buf + n, grmem[i], len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/random.c:121:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(name, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/sha1.c:96:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[64];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/sha1.c:174:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64]) // IN
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/sha1.c:220:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char workspace[64];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/sha1.c:294:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[curOfs], data, numRemaining);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/sha1.c:312:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[curOfs], data, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/sha1.c:333:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
SHA1Final(unsigned char digest[SHA1_HASH_LEN], // OUT
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/sha1.c:337:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char finalcount[8];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:129:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(token, str + startIndex, length);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:1082:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)DynBuf_Get(b))[i + size] == '\0');
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:1207:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + plen, str, slen + 1 /* NUL */);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:1371:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
tmp = memcpy(tmp, orig, lenBefore);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:1373:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
tmp = memcpy(tmp, with, lenWith);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:1377:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, orig, strlen(orig));
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/timeutil.c:153:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[16] = { 0 };
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/timeutil.c:825:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dateStr[100] = "";
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/timeutil.c:826:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeStr[100] = "";
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/timeutil.c:856:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[26];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/timeutil.c:1272:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[16] = { 0 };
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/utilMem.c:305:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(copy, s, size);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/utilMem.c:340:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(copy, s, size);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/utilMem.c:486:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, count);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/util_misc.c:108:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driveSpec[4];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/util_misc.c:115:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(driveSpec, path, 3);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/util_misc.c:557:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *chunks[UTIL_MAX_PATH_CHUNKS];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/util_misc.c:644:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/util_misc.c:749:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, chunks[i], chunkSize[i]);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/util_misc.c:1066:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv6AddrStr[INET6_ADDRSTRLEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/vthreadBase.c:176:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static __thread char vthreadName[VTHREADBASE_MAX_NAME];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/vthreadBase.c:444:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[48];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/vthreadBase.c:539:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[VTHREADBASE_MAX_NAME];
data/open-vm-tools-11.2.0/open-vm-tools/lib/netUtil/netUtilLinux.c:102:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipstr[INET_ADDRSTRLEN]) // OUT: converted address
data/open-vm-tools-11.2.0/open-vm-tools/lib/netUtil/netUtilLinux.c:160:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipstr[INET_ADDRSTRLEN] = "";
data/open-vm-tools-11.2.0/open-vm-tools/lib/netUtil/netUtilLinux.c:202:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipstr[INET_ADDRSTRLEN] = "";
data/open-vm-tools-11.2.0/open-vm-tools/lib/netUtil/netUtilLinux.c:398:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hwAddr, ifreq.ifr_hwaddr.sa_data, IFHWADDRLEN);
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfo.c:54:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((ptr)->type##_val, (src), (size)); \
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfo.c:392:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char macAddress[NICINFO_MAC_LEN],
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfo.c:608:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hwAddrString[NICINFO_MAC_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfo.c:609:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hwAddr[16];
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfo.c:668:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, source, sourceSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfoInt.h:42:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char macAddress[NICINFO_MAC_LEN], // IN
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfoPosix.c:315:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char macAddress[NICINFO_MAC_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfoPosix.c:685:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char macAddress[NICINFO_MAC_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfoPosix.c:839:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[DNSINFO_MAX_ADDRLEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfoPosix.c:926:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fptr = fopen(file, "rt");
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfoPosix.c:928:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfoPosix.c:983:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resolvConf[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfoPosix.c:1244:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv6Buff[INET6_ADDRSTRLEN+1] = "no-support";
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfoPosix.c:1245:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv4Buff[INET_ADDRSTRLEN+1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfoPosix.c:1652:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipstr[INET6_ADDRSTRLEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/panic/panic.c:529:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/open-vm-tools-11.2.0/open-vm-tools/lib/poll/poll.c:921:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char reinstallPoll[1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/poll/poll.c:922:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char removePoll[1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/poll/poll.c:1107:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof fds];
data/open-vm-tools-11.2.0/open-vm-tools/lib/poll/poll.c:1212:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof fds];
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:610:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:179:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[512];
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:201:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, tmp, numRead);
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:273:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *uptimeFile = fopen("/proc/uptime", "r");
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:329:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdFilePath[1024];
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:358:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cmdFd = open(cmdFilePath, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:392:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exeRealPath[1024];
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:469:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cmdFd = open(cmdFilePath, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:552:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cmdFd = open(cmdFilePath, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:608:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
procInfo.procId = (pid_t) atoi(ent->d_name);
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:697:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[_POSIX2_LINE_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:947:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&argNum, cmdLineRaw, sizeof argNum);
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:1142:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:1463:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
workingDirFd = open(workingDir != NULL ? workingDir : "/tmp", O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:2267:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:2376:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:2495:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrSolaris.c:128:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempPath[MAXPATHLEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrSolaris.c:316:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempPath[MAXPATHLEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrSolaris.c:643:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrSolaris.c:757:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrSolaris.c:819:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/bdoorChannel.c:184:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*result, reply, replyLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/rpcChannel.c:288:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(©, data, sizeof copy);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/simpleSocket.c:490:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpPtr, buf, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/simpleSocket.c:556:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newBuf, buf, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/simpleSocket.c:636:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recvBuf, &packetLen, packetLenSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/vsockChannel.c:500:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*result, reply, replyLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcIn/rpcin.c:658:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newBuf, buf, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcIn/rpcin.c:875:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpPtr, buf, len);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcIn/rpcin.c:1365:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in->last_result, statusStr, statusLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcIn/rpcin.c:1366:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in->last_result + statusLen, result, resultLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcIn/rpcin.c:1443:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dumpBuffer[BYTE_DUMP_LIMIT + sizeof truncationTag];
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcOut/rpcout.c:439:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(callerReply, myReply, s);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcOut/rpcout.c:473:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*reply, myReply, myRepLen);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcVmx/rpcvmx.c:36:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logBuf[RPCVMX_MAX_LOG_LEN + sizeof "log"];
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcVmx/rpcvmx.c:159:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char receiveBuffer[16];
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcVmx/rpcvmx.c:292:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret = atoi(value);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcVmx/rpcvmx.c:320:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setVersionCmd[128];
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:300:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(buf, src, len + 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:339:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, n);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:461:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + bufLen, src, srcLen + 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:903:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(buf, src, (len + 1)*sizeof(wchar_t));
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:939:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + bufLen, src, (srcLen + 1)*sizeof(wchar_t));
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:1280:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = "";
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:1316:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buf[1024] = L"";
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:1351:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:1352:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t bufw[1024];
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:1360:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char empty[1] = {'\0'};
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:1361:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wempty[1] = {L'\0'};
data/open-vm-tools-11.2.0/open-vm-tools/lib/stubs/stub-log.c:90:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[16 * 3 + 1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/stubs/stub-log.c:91:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii[16 + 1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/stubs/stub-user-msg.c:48:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1000];
data/open-vm-tools-11.2.0/open-vm-tools/lib/stubs/stub-user-msg.c:73:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1000];
data/open-vm-tools-11.2.0/open-vm-tools/lib/syncDriver/syncDriverLinux.c:203:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/syncDriver/vmSyncDriver.c:113:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = open(SYNC_PROC_PATH, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeCommon.c:268:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, utf16, numBytes);
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleBase.c:540:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(destBuffer, utf8Str, copyBytes);
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleBase.c:572:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(destBuffer, utf16Buf, copyBytes);
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleBase.c:596:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(destBuffer, currentBuf, copyBytes);
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleBase.c:746:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, utf8Str, lengthInBytes + 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleTypes.c:73:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *names[MAXCHARSETNAMES]; // Encoding name and aliases
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleTypes.c:2805:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char panicMsg[1024];
data/open-vm-tools-11.2.0/open-vm-tools/lib/user/util.c:114:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] = { 'x', 'x' };
data/open-vm-tools-11.2.0/open-vm-tools/lib/user/utilBacktrace.c:114:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thisLine[UTIL_BACKTRACE_LINE_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/lib/wiper/wiperPosix.c:89:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char name[NATIVE_MAX_PATH];
data/open-vm-tools-11.2.0/open-vm-tools/lib/wiper/wiperPosix.c:106:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[WIPER_SECTOR_STEP * WIPER_SECTOR_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/lib/wiper/wiperPosix.c:212:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[64];
data/open-vm-tools-11.2.0/open-vm-tools/lib/wiper/wiperPosix.c:280:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resolvedPath[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/deployPkgFormat.h:112:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[VMWAREDEPLOYPKG_SIGNATURE_LENGTH]; // Not null terminated.
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/deployPkgFormat.h:141:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seed[VMWAREDEPLOYPKG_SEED_LENGTH]; // offset 48
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/deployPkgFormat.h:142:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[VMWAREDEPLOYPKG_CMD_LENGTH]; // offset 56
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:341:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vmxResponse, response, responseLength);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:640:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(packageName, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:668:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*command, hdr.command, VMWAREDEPLOYPKG_CMD_LENGTH);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:719:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(fileName, O_WRONLY|O_CREAT|O_EXCL, 0644);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:860:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(fileName, "r");
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:921:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vmxResponse[64]; // buffer for responses from VMX calls
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1018:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1024];
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1061:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scriptPath[1024];
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1123:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1024];
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1531:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zipName[1024];
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1532:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copyBuf[4096];
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1541:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pkgFd = open(pkgName, O_RDONLY)) < 0) {
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1546:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((zipFd = open(zipName, O_CREAT | O_WRONLY | O_TRUNC, 0700)) < 0) {
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1624:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[strlen(command) + 1];
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeploymentUtilities.c:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeploymentUtilities.c:56:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cloudFile = fopen(cloudFilePath, "r");
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeploymentUtilities.c:64:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeploymentUtilities.c:123:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/mspackWrapper.c:180:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[strlen(file->filename)+1];
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/mspackWrapper.c:186:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outCabFile[sz];
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/processPosix.c:307:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/processPosix.c:326:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*saveTo + currSize, buf, count);
data/open-vm-tools-11.2.0/open-vm-tools/libappmonitor/vmGuestAppMonitorLib.c:321:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(filePath, "wb");
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/guestSDKLog.c:137:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmGuestLib.c:367:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commandBuf[64];
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmGuestLib.c:481:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(HANDLE_DATA(handle), reply, replyLen);
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmGuestLib.c:691:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outStat, &stats->stats[statIdx], sizeof *outStat);
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmGuestLib.c:1242:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pathBuffer, dataV2->resourcePoolPath.value, size);
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmGuestLib.c:1259:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pathBuffer, stat->GuestLibV3Stat_u.resourcePoolPath.value, size);
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmGuestLib.c:1946:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commandBuf[256];
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmGuestLibInt.h:114:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resourcePoolPath[512];
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmGuestLibInt.h:176:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[512];
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmGuestLibInt.h:210:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[0];
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/i18n.c:219:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t ctryName[10]; /* MSDN says: max is nine characters + terminator. */
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/i18n.c:220:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t langName[10]; /* MSDN says: max is nine characters + terminator. */
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/i18n.c:314:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idBuf[MSG_MAX_ID];
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/i18n.c:341:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(idBuf, idp, len);
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/signalSource.c:93:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gHandler.currSignal, &info, sizeof info);
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/vmtools.c:67:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(array->data, data, elemSize * count);
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/vmtoolsLog.c:282:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmblock/os_panic.c:61:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char message[1024];
data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmblock/vnops.c:664:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(cnp->cn_nameptr, &pathname[pathname_len + 1], cnp->cn_namelen);
data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmmemctl/kernelStubsBSD.c:121:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(buf, src, srcLen + 1); // Extra byte = terminator
data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmmemctl/os.c:249:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, size);
data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmmemctl/os.c:848:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PAGE_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmblock/block.c:84:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[OS_PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmmemctl/kernelStubs.h:158:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# define atoi(s) simple_strtol(((s != NULL) ? s : ""), NULL, 10)
data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmmemctl/kernelStubs.h:164:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int atoi(const char *);
data/open-vm-tools-11.2.0/open-vm-tools/modules/shared/vmxnet/eth_public.h:405:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
return !(((char *)addr)[0] & 0x1);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmblock/module.h:102:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXNAMELEN];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmblock/vfsops.c:124:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vip->name, dvip->name, dvip->nameLen);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmblock/vfsops.c:134:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curr, name, nameLen);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/debug.c:437:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/hgfsBdGlue.c:64:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(req->packet, packetBuffer, req->packetSize);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/hgfsBdGlue.c:92:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(replyPacket, req->packet, packetSize);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/hgfsSolaris.h:151:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char packet[HGFS_PACKET_MAX]; /* Contains both requests and replies */
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/hgfsState.c:1245:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp->fileName, fileName, len + 1);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/hgfsState.c:1473:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[SHA1_HASH_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/hgfsState.h:102:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[MAXPATHLEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/kernelStubs.h:117:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
# define atoi(s) simple_strtol(((s != NULL) ? s : ""), NULL, 10)
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/kernelStubs.h:123:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int atoi(const char *);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/kernelStubsSolaris.c:96:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(src, buf, len + 1);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/kernelStubsSolaris.c:374:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newPtr, ptr, lenUsed);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:1282:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN + 1]; /* Temporary buffer for full path */
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:1547:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[MAXPATHLEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:1626:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullpath[MAXPATHLEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:1750:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcFullPath[MAXPATHLEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:1751:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstFullPath[MAXPATHLEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:1912:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[MAXPATHLEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:2055:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullpath[MAXPATHLEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:2236:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameBuf[MAXNAMELEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:2237:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char escName[MAXNAMELEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:2238:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullName[MAXPATHLEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:2289:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dirp->d_name, escName, ret);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:2581:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fidp->fid_data, &HGFS_VP_TO_NODEID(vp), sizeof HGFS_VP_TO_NODEID(vp));
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:4106:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nameOut, reply->fileName.name, reply->fileName.length);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:5411:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outBuf, path, pathLen);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:5457:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outBuf + pathLen + 1, file, fileLen);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:5556:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof *dirp + MAXNAMELEN];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:5625:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameBuf[MAXNAMELEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:5626:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char escName[MAXNAMELEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:5627:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullName[MAXPATHLEN + 1];
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:5680:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dirp->d_name, escName, ret);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmmemctl/kernelStubsSolaris.c:96:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(src, buf, len + 1);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmmemctl/kernelStubsSolaris.c:374:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newPtr, ptr, lenUsed);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmmemctl/os.c:194:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(src, dest, size);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet/vmxnet.c:145:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drvName[SOLVMXNET_MAXNAME]; /* Driver name string */
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet/vmxnet.c:473:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(ep, dp->multicastList[dp->multiCount].ether_addr_octet,
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet/vmxnet.c:491:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&dp->multicastList[i+1], &dp->multicastList[i], copyLen);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet/vmxnet.c:863:16: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(tp->b_rptr, txBuf->dmaMem.buf, len);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet3/vmxnet3_main.c:891:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newMfTable.buf, dp->mfTable.buf, dp->mfTable.bufLen);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet3/vmxnet3_main.c:892:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newMfTable.buf + dp->mfTable.bufLen, macaddr, 6);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet3/vmxnet3_main.c:894:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newMfTable.buf, dp->mfTable.buf, macIdx);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet3/vmxnet3_main.c:895:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newMfTable.buf + macIdx,
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet3/vmxnet3_main.c:968:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dp->macaddr, macaddr, 6);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet3/vmxnet3_main.c:1207:10: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&dp->cur_mtu, prop_val, sizeof (uint32_t));
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet3/vmxnet3_main.c:1232:10: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(prop_val, &new_mtu, sizeof (new_mtu));
data/open-vm-tools-11.2.0/open-vm-tools/rpctool/rpctool.c:215:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/appInfo/appInfo.c:285:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpBuf[1024];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkg.c:184:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resultBuffer[FILE_MAXPATH];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkg.c:213:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsg[2048];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkgLog.c:67:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logPath[2048];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkgLog.c:83:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_file = fopen(logPath, "w");
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/desktopEvents/sessionMgr.c:152:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorBuf[128];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/desktopEvents/x11Lock.c:191:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c:100:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gGuestSelPrimaryBuf[MAX_SELECTION_BUFFER_LENGTH];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c:101:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gGuestSelClipboardBuf[MAX_SELECTION_BUFFER_LENGTH];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c:104:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gHostClipboardBuf[MAX_SELECTION_BUFFER_LENGTH + 1];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c:465:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target, selection_data->data, len + 1);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c:479:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target, gtk_selection_data_get_data(selection_data), len + 1);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c:522:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target, utf8Str, len + 1);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c:524:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target, utf8Str, MAX_SELECTION_BUFFER_LENGTH - 1);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c:528:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target, utf8Str, len + 1);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteUIX11.cpp:1657:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(params->fileBlockName.c_str(), O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteUIX11.cpp:1666:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(VMBLOCK_FUSE_READ_RESPONSE)];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCPMsgV4.c:209:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*packet, msg, DND_CP_MSG_HEADERSIZE_V4);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCPMsgV4.c:211:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*packet + DND_CP_MSG_HEADERSIZE_V4,
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCPMsgV4.c:252:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg, msgHdr, DND_CP_MSG_HEADERSIZE_V4);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCPMsgV4.c:257:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->binary,
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCPMsgV4.c:333:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->binary + msg->hdr.payloadOffset,
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndClipboard.c:124:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->buf, src->buf, src->size);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndClipboard.c:327:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newBuf, clipitem, size);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c:474:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fullName, partialName, partialNameLen);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c:475:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fullName + partialNameLen, partialNameSuffix, partialNameSuffixLen);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c:476:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fullName + partialNameLen + partialNameSuffixLen, nameIn, nameSize);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c:748:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->buffer, msg, msgSize);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c:827:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*packet)->payload,
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c:887:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->buffer + buf->offset,
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c:943:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*packet)->payload, msg, msgSize);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c:1011:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, b->pos, len);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndLinux.c:478:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(VMBLOCK_FUSE_READ_RESPONSE)];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/copyPasteRpcV3.cc:285:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&success, DynBuf_Get(buf), DynBuf_GetSize(buf));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/dndCPTransportGuestRpc.cpp:382:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rpc + nrWritten, msg, length);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/dndCPTransportGuestRpc.hpp:72:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *mCmdStrTable[TRANSPORT_INTERFACE_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/dndCPTransportGuestRpc.hpp:73:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *mDisableStrTable[TRANSPORT_INTERFACE_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/guestCopyPasteSrc.cc:105:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpName[FILE_MAXPATH];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/rpcV4Util.cpp:214:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msgOut->binary, binary,binarySize);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/vmGuestFileTransfer.cc:84:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char replyPacket[HGFS_LARGE_PACKET_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/dndFileList.cc:382:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outPath[FILE_MAXPATH + 100];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/dndRpcV3.cc:574:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&x, (const char *)DynBuf_Get(buf), sizeof(int32));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/dndRpcV3.cc:581:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&y, (const char *)DynBuf_Get(buf), sizeof(int32));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/dndRpcV3.cc:618:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&x, (const char *)DynBuf_Get(buf), sizeof(int32));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/dndRpcV3.cc:625:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&y, (const char *)DynBuf_Get(buf), sizeof(int32));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuestBase/guestDnDSrc.cc:179:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpName[FILE_MAXPATH];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/stringxx/string.cc:2228:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[0], p, n * sizeof buf[0]);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.cpp:172:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int version = atoi(reply);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.cpp:219:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
version = atoi(reply);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.cpp:272:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_cpVersion = atoi(reply);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.cpp:304:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_dndVersion = atoi(reply);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.cpp:334:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(1 == atoi(reply))) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:236:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char labelPath[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:238:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[25];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:243:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((labelFile = fopen(labelPath, "r")) == NULL) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:405:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devClassPath[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:424:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
devClass = fopen((const char *)devClassPath, "r");
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:462:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sas_portPath[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:546:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nsidPath[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:557:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
devNsid = fopen((const char *)nsidPath, "r");
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:593:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nsid = atoi(nsidStr);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:644:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devPath[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:645:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pciDevPath[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:653:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devName[DISK_DEVICE_NAME_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:787:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slavesPath[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:788:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devPath[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:876:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:877:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[128];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:879:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((mountinfo = fopen(LINUX_PROC_SELF_MOUNTINFO, "r")) == NULL) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:950:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blockDevPath[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoInt.h:48:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char DiskDevName[DISK_DEVICE_NAME_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoInt.h:53:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PARTITION_NAME_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoInt.h:54:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fsType[FSTYPE_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoInt.h:57:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[PARTITION_NAME_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:119:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *value[INFO_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:533:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256]; // Size is derived from the SUS2 specification
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:892:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[32];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:911:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(request, header, headerLen);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:912:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(request + headerLen, info, infoSize);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:1049:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message, request, strlen(request));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:1050:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message + strlen(request), info, infoLength);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:1089:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info64, info, sizeof(struct NicInfoV3));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:1094:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&info64->nics.nics_val[idx], &info->nics.nics_val[idx],
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:1222:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpBuf[1024];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:1481:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(request + offset, &partitionCount, sizeof partitionCount);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:1488:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(request + offset + sizeof partitionCount, pdi->partitionList,
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/perfMonLinux.c:228:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX]; // PATH_MAX is defined to 4096
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/perfMonLinux.c:256:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/perfMonLinux.c:441:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[4096]; // Close to length of /proc/stat intr line
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/perfMonLinux.c:514:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/perfMonLinux.c:709:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/perfMonLinux.c:732:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diskName[NAME_MAX + 1]; // NAME_MAX is defined to 255
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/hgfsServer/hgfsPlugin.c:107:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char reply[HGFS_LARGE_PACKET_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/hgfsServer/hgfsPlugin.c:431:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[NET_BUFFER_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionCommon.c:149:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(devNode, O_RDWR);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionCommon.c:409:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
driver = fopen(paths[i], "r");
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionRandR12.c:132:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define LOG_START _ofile = fopen(_LOCAL_LOG_, "a")
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionRandR12.c:676:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[RR12_MODE_MAXLEN];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionX11.c:588:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[200];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscoveryPosix.c:67:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SERVICE_DISCOVERY_VALUE_MAX_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscoveryPosix.c:154:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SERVICE_DISCOVERY_VALUE_MAX_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/foundryToolsDaemon.c:173:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resultBuffer[DEFAULT_RESULT_MSG_MAX_LENGTH];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/foundryToolsDaemon.c:288:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resultBuffer[DEFAULT_RESULT_MSG_MAX_LENGTH];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/foundryToolsDaemon.c:538:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resultBuffer[DEFAULT_RESULT_MSG_MAX_LENGTH];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/foundryToolsDaemon.c:686:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resultBuffer[DEFAULT_RESULT_MSG_MAX_LENGTH];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/foundryToolsDaemon.c:811:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resultBuffer[DEFAULT_RESULT_MSG_MAX_LENGTH];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/foundryToolsDaemon.c:1013:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tcloBuffer[GUESTMSG_MAX_IN_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/foundryToolsDaemon.c:1102:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(destPtr, resultValue, resultValueLength);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:946:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, *envp, nameLen);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:1154:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resultBuffer[32];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:1264:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resultBuffer[32]; // more than enough to hold a 64 bit pid
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:3007:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char disabledName[128];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:3880:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resultBuffer[32];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:4535:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, envVar, nameLen);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:5276:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resultBuffer[GUESTMSG_MAX_IN_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:5935:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(finalResultBuffer + len,
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:6680:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newFileNameList + 2, fileNameList, (numFiles - 2) * sizeof(char *));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:7551:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resultBuffer[32];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:8664:13: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t tempPath[MAX_PATH];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:8829:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hgfsReplyPacket[HGFS_LARGE_PACKET_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:8921:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resultBuffer[GUESTMSG_MAX_IN_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:9394:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipAddr[IP_ADDR_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:9395:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subnetMask[IP_ADDR_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:9819:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resultBuffer[GUESTMSG_MAX_IN_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:10020:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resultBuffer[GUESTMSG_MAX_IN_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:10837:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char authnDisabledName[64]; // Authentication.<AuthenticationType>.disabled
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:11554:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char actualIpAddress[IP_ADDR_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:11555:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char actualSubnetMask[IP_ADDR_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/syncManifest.c:149:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(manifest->path, "w");
data/open-vm-tools-11.2.0/open-vm-tools/tests/testVmblock/manual-blocker.c:68:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(VMBLOCK_DEVICE, VMBLOCK_DEVICE_MODE);
data/open-vm-tools-11.2.0/open-vm-tools/tests/testVmblock/vmblocktest.c:193:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
blockFd = open(CONTROLFILE, CONTROLFILE_MODE);
data/open-vm-tools-11.2.0/open-vm-tools/tests/testVmblock/vmblocktest.c:216:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/open-vm-tools-11.2.0/open-vm-tools/tests/testVmblock/vmblocktest.c:472:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(info->files[index].accessorName, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/tests/vmrpcdbg/debugChannel.c:196:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, data, dataLen);
data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxcmd-stat.c:135:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/cli/main.c:817:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char longName[32];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/cli/main.c:818:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shortName[3];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/VGAuthBasicDefs.h:77:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
UNUSED_TYPE(typedef char AssertOnCompileFailed[AssertOnCompileMisused]); \
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/VGAuthLog.c:171:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsg[4096];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/VGAuthLog.c:207:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsg[4096];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.c:137:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameBuf[512];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.c:293:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, sslCertHeader, strlen(sslCertHeader));
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.c:308:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpCertStr, sslCertFooter, strlen(sslCertFooter));
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/i18n.c:450:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t ctryName[10]; /* MSDN says: max is nine characters + terminator. */
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/i18n.c:451:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t langName[10]; /* MSDN says: max is nine characters + terminator. */
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/i18n.c:788:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idBuf[MSG_MAX_ID];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/i18n.c:809:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(idBuf, idp, len);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/usercheck.c:112:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/usercheck.c:163:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/vmxlog.c:177:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char svm_zero[sizeof(struct sockaddr) -
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/vmxlog.c:279:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, (char *)&slen, sizeof slen);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/vmxlog.c:282:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &hdr, sizeof hdr);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/vmxlog.c:284:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &payload, sizeof payload);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/vmxlog.c:286:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, cmd, len);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/vmxlog.c:404:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/VGAuthInt.h:87:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testBuffer[10240];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/comm.c:368:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/impersonateLinux.c:100:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/impersonateLinux.c:177:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/impersonateLinux.c:232:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/netPosix.c:211:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[READ_BUFSIZE];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/proto.c:807:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reply->sequenceNumber = atoi(val);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/proto.c:812:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reply->errorCode = atoi(val);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/proto.c:820:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reply->replyData.sessionReq.version = atoi(val);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/proto.c:1328:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (reply->replyData.sessionReq.version != atoi(VGAUTH_PROTOCOL_VERSION)) {
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/proto.c:1330:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
__FUNCTION__, atoi(VGAUTH_PROTOCOL_VERSION),
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/servicePosix.c:157:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidBuf[32];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/servicePosix.c:171:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid = atoi(pidBuf);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/servicePosix.c:444:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(_PATH_DEVNULL, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/servicePosix.c:450:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(_PATH_DEVNULL, O_WRONLY);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/servicePosix.c:459:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidString[32];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/signalSource.c:100:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sigHandler.currSignal, &info, sizeof info);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/netPosix.c:338:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[READ_BUFSIZE];
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:678:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
req->sequenceNumber = atoi(val);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:705:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
req->reqData.sessionReq.version = atoi(val);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:750:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
req->reqData.addAlias.addMapped = ((atoi(val) == 1) ? TRUE : FALSE);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:875:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iVal = atoi(val);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:1513:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (req->reqData.sessionReq.version != atoi(VGAUTH_PROTOCOL_VERSION)) {
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:1517:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(VGAUTH_PROTOCOL_VERSION));
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/random.c:84:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(GENERIC_RANDOM_DEVICE, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:104:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[PATH_MAX + 1];
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:178:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[PATH_MAX + 1];
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:255:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[PATH_MAX + 1];
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:612:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trimmedBuf[PATH_MAX + 1];
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:623:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(trimmedBuf, buf, size);
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:692:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, VMBLOCK_FUSE_READ_RESPONSE, sizeof VMBLOCK_FUSE_READ_RESPONSE);
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:697:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[PATH_MAX+1];
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:698:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char targetLink[PATH_MAX+1];
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/util.c:50:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, len);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/cache.c:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[0]; /* path of the file corresponding the the attr */
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/config.c:215:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
modulesDepFd = open(modulesDep, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/config.c:278:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char procFilesystems[4096];
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/config.c:282:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
procFilesystemsFd = open(PROC_FILESYSTEMS, O_RDONLY);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/file.c:630:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, payload, actualSize);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/file.c:819:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(payload, buf, requiredSize);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/fsutil.c:142:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr->fileName, name, length);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/link.c:89:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fileNameP->name, symname, targetNameBytes);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/link.c:124:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fileNameP->name, symname, targetNameBytes);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/request.c:66:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->packet, HGFS_SYNC_REQREP_CLIENT_CMD,
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/request.c:440:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(HGFS_REQ_PAYLOAD(req), reply, replySize);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/request.h:110:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char packet[HGFS_LARGE_PACKET_MAX + HGFS_CLIENT_CMD_LEN];
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/transport.c:81:50: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HgfsChannelStatus status = (*channel)->ops.open(*channel);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/transport.h:40:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HgfsChannelStatus (*open)(struct HgfsTransportChannel *);
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/main.c:179:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blockFdStr[8];
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/main.c:181:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uinputFdStr[8];
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/main.c:183:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/main.c:184:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[8];
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/main.c:220:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
blockFd = open(VMBLOCK_FUSE_DEVICE, VMBLOCK_FUSE_DEVICE_MODE);
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/main.c:222:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
blockFd = open(VMBLOCK_DEVICE, VMBLOCK_DEVICE_MODE);
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/main.c:226:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uinputFd = open("/dev/uinput", O_WRONLY | O_NONBLOCK);
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/main.c:228:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uinputFd = open("/dev/input/uinput", O_WRONLY | O_NONBLOCK);
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/wrapper-freebsd.c:62:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpPath[MAXPATHLEN];
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/wrapper-linux.c:69:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpPath[MAXPATHLEN];
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/wrapper-linux.c:86:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmpPath, "/vmtoolsd");
data/open-vm-tools-11.2.0/open-vm-tools/xferlogs/xferlogs.c:111:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_BASE64_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/xferlogs/xferlogs.c:117:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base64B[BUF_BASE64_SIZE * 2] = ">";
data/open-vm-tools-11.2.0/open-vm-tools/xferlogs/xferlogs.c:120:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(filename, "rb"))) {
data/open-vm-tools-11.2.0/open-vm-tools/xferlogs/xferlogs.c:164:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_OUT_SIZE];
data/open-vm-tools-11.2.0/open-vm-tools/xferlogs/xferlogs.c:167:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256];
data/open-vm-tools-11.2.0/open-vm-tools/xferlogs/xferlogs.c:174:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(filename, "rt"))) {
data/open-vm-tools-11.2.0/open-vm-tools/xferlogs/xferlogs.c:188:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstamp[32];
data/open-vm-tools-11.2.0/open-vm-tools/xferlogs/xferlogs.c:256:33: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(outfp = fopen(fname, "wb"))) {
data/open-vm-tools-11.2.0/open-vm-tools/hgfsmounter/hgfsmounter.c:1079:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newLength = strlen(optionString) + strlen(",") +
data/open-vm-tools-11.2.0/open-vm-tools/hgfsmounter/hgfsmounter.c:1079:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newLength = strlen(optionString) + strlen(",") +
data/open-vm-tools-11.2.0/open-vm-tools/hgfsmounter/hgfsmounter.c:1080:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(optarg) + sizeof '\0';
data/open-vm-tools-11.2.0/open-vm-tools/hgfsmounter/hgfsmounter.c:1201:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{shareName, strlen(shareName) + 1},
data/open-vm-tools-11.2.0/open-vm-tools/hgfsmounter/hgfsmounter.c:1203:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{(void *)mountPoint, strlen(mountPoint) + 1},
data/open-vm-tools-11.2.0/open-vm-tools/lib/appUtil/appUtilX11.c:132:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iconNameLen = strlen(iconName) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/appUtil/appUtilX11.c:137:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*baseIconName != '/' && ctmp2 && strlen(ctmp2) <= 5) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/appUtil/appUtilX11.c:175:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iconSearchNameSize = strlen(iconName) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/appUtil/appUtilX11.c:802:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cwd[strlen(cwd) - 1] == '/' ? "" : "/",
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncSocketBase.c:837:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(needle);
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncSocketInterface.c:1721:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Bool read, // IN
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncSocketInterface.c:1727:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = VT(asock)->doOneMsg(asock, read, timeoutMS);
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncSocketVTable.h:132:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*doOneMsg)(AsyncSocket *s, Bool read, int timeoutMS);
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:258:67: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static int AsyncTCPSocketBlockingWork(AsyncTCPSocket *asock, Bool read,
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:363:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static int AsyncTCPSocketDoOneMsg(AsyncSocket *s, Bool read, int timeoutMS);
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:1953:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + 1 > sizeof addr.sun_path) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:2710:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Bool read, // IN:
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:2735:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read && SSL_Pending(asock[i]->sslSock)) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:2745:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pfd[i].events = read ? POLLIN : POLLOUT;
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:2775:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
retval = select(1, read ? &rwfds : NULL, read ? NULL : &rwfds,
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:2775:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
retval = select(1, read ? &rwfds : NULL, read ? NULL : &rwfds,
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:2782:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
retval = select(1, read ? &rwfds : NULL, read ? NULL : &rwfds,
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:2782:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
retval = select(1, read ? &rwfds : NULL, read ? NULL : &rwfds,
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:2875:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (pfd[i].revents & (read ? POLLIN : POLLOUT)) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:2923:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Bool read, // IN:
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:2935:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read && s->fd == -1) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:2951:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return AsyncTCPSocketPollWork(asock, numSock, p, read, timeoutMS, s,
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:3091:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Bool read, // IN:
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:3121:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((numBytes = read ? SSL_Read(s->sslSock, buf, len)
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:3133:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read ? "recv" : "send");
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:3137:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TCPSOCKWARN(s, "blocking %s error %d: %s\n", read ? "recv" : "send",
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:3153:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
error = AsyncTCPSocketPoll(s, read, done - now, &asock);
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:4145:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:4180:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
error = AsyncTCPSocketPoll(s, read, done - now, &asock);
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:4187:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:4209:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read && removed) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:4257:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Bool read, // IN
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:4267:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:4292:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
retVal = AsyncTCPSocketPoll(s, read, timeoutMS, &asock);
data/open-vm-tools-11.2.0/open-vm-tools/lib/asyncsocket/asyncsocket.c:4331:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
retVal = AsyncTCPSocketPoll(s, read, timeoutMS, &asock);
data/open-vm-tools-11.2.0/open-vm-tools/lib/auth/authPosix.c:400:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!CodeSet_Validate(user, strlen(user), "UTF-8")) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/auth/authPosix.c:404:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!CodeSet_Validate(pass, strlen(pass), "UTF-8")) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/auth/authPosix.c:498:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!CodeSet_Validate(user, strlen(user), "UTF-8")) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/auth/authPosix.c:502:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!CodeSet_Validate(pass, strlen(pass), "UTF-8")) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/dataMap/dataMap.c:2082:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strLen = strlen(str);
data/open-vm-tools-11.2.0/open-vm-tools/lib/dataMap/dataMap.c:2504:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(maxBuffSize > strlen(truncStr));
data/open-vm-tools-11.2.0/open-vm-tools/lib/dataMap/dataMap.c:2505:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Str_Strcpy(buffPtr + maxBuffSize - strlen(truncStr) - 1, truncStr,
data/open-vm-tools-11.2.0/open-vm-tools/lib/dataMap/dataMap.c:2506:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(truncStr) + 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/dict/dictll.c:425:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evalue = Escape_Do('|', toEscape, value, (uint32)strlen(value), &size);
data/open-vm-tools-11.2.0/open-vm-tools/lib/dict/dictll.c:426:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( !DynBuf_Append(output, name, (uint32)strlen(name))
data/open-vm-tools-11.2.0/open-vm-tools/lib/dict/dictll.c:438:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = (uint32)strlen(value);
data/open-vm-tools-11.2.0/open-vm-tools/lib/err/err.c:193:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(info->string);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/file.c:922:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Msg_Append(MSGID(File.CopyFromFdToFd.read.failure)
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/file.c:2187:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(edirName) - 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/file.c:2492:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(bytesProcessed == strlen(fileList[i]))) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/file.c:2582:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ext = fileName + strlen(fileName);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/file.c:2721:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(fullPath, fullBase, strlen(fullBase)) != 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileIOPosix.c:1362:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(fd->posix, buf, requested);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPosix.c:163:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buffer, bufferSize - 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPosix.c:271:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) > LOG_MAX_PROC_NAME) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:1215:11: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
save = umask(0);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileLockPrimitive.c:1223:4: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(save);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:656:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = File_PathJoin(ancestorRealPath, path + strlen(ancestorPath));
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1492:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(FS_VMFS_ON_ESX)) == 0;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1495:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(FS_VSAND_ON_ESX)) == 0;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1699:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(existPath, DEVFS_MOUNT_POINT, strlen(DEVFS_MOUNT_POINT)) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1721:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(canPath, VCFS_MOUNT_POINT, strlen(VCFS_MOUNT_POINT)) != 0 ||
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1732:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(FS_VSAN_URI_PREFIX)) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1740:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(FS_VMFS_ON_ESX)) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1826:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
used += strlen(mnt.mnt_fsname) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1829:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
used += strlen(mnt.mnt_dir) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1832:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
used += strlen(mnt.mnt_type) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1835:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
used += strlen(mnt.mnt_opts) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1984:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t canPathLen = strlen(canPath);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:1989:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ptr) > 1 ? ptr : "", diff);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/filePosix.c:2071:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
resultSize = MAX(strlen(path), 1) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:212:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pathName);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:420:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = FileFindLastDirsep(fullPath, strlen(fullPath));
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:489:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i = strlen(dir2);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:543:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t oldPathLen = strlen(oldPath);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:552:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oldPrefixLen = strlen(oldPrefix);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:576:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t newPrefixLen = strlen(newPrefix);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:638:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(elem);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:643:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = next ? next - path : strlen(path);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:647:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(path, next + 1, strlen(next + 1) + 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:709:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathNameLen = strlen(pathName);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:710:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newExtLen = strlen(newExtension);
data/open-vm-tools-11.2.0/open-vm-tools/lib/file/fileStandAlone.c:791:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = FileFindLastDirsep(result, strlen(pathName));
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryMsg.c:645:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
providedCredentialLength = strlen(credential);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryMsg.c:1045:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLength = strlen(userName);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryMsg.c:1048:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passwordLength = strlen(password);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryMsg.c:1133:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srcPtr = srcPtr + strlen(srcPtr);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryMsg.c:1197:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return VixMsgEncodeBuffer(str, strlen(str), TRUE, result);
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:245:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valueLength = strlen(property->value.strValue) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/foundryMsg/foundryPropertyListCommon.c:347:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valueLength = (int) strlen(property->value.strValue) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/glibUtils/fileLogger.c:172:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *end = start + strlen(vars[i]);
data/open-vm-tools-11.2.0/open-vm-tools/lib/glibUtils/fileLogger.c:173:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t offset = (start - last) + strlen(vars[i+1]);
data/open-vm-tools-11.2.0/open-vm-tools/lib/guestApp/guestApp.c:229:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathLen = strlen(pathUtf8);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/cpNameUtil.c:200:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLen = strlen(nameIn);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/hgfsEscape.c:841:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
componentSize = strlen(currentComponent) + 1; // Unescaped size
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/hgfsEscape.c:845:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
componentSize = strlen(currentComponent) + 1; // Size of the next component
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfs/hgfsEscape.c:885:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeIn = strlen(curOutBuffer);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:1782:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newNode->utf8NameLen = strlen(openInfo->utf8Name);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:1792:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newNode->shareInfo.rootDirLen = strlen(openInfo->shareInfo.rootDir);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:2365:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newSearch->utf8DirLen = strlen(utf8Dir);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:2368:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newSearch->utf8ShareNameLen = strlen(utf8ShareName);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:2371:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newSearch->shareInfo.rootDirLen = strlen(rootDir);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:2714:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newBufferLen = strlen(newLocalName);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:3920:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*shareNameLen = strlen(*shareName);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:5383:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(name, share->path, strlen(name)) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:5579:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(wiperError) > 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:5730:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shareInfo->rootDirLen = strlen(shareInfo->rootDir);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:6113:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameStatus = HgfsServerPolicy_GetShareOptions(shareName, strlen(shareName),
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:8541:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetNameLen = targetName ? strlen(targetName) : 0;
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:9524:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetSize = level * HGFS_PARENT_DIR_LEN + strlen(relativeTarget) + sizeof '\0';
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServer.c:9533:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(currentPosition, relativeTarget, strlen(relativeTarget) + sizeof '\0');
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:1155:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(fileName),
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:1477:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dentryNameLen = strlen(dentryName);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:1682:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(currentComponent) + 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:2285:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(shareName),
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:2290:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sharePathLen < strlen(myTargetName) &&
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:2305:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stats.st_size = strlen(myTargetName);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:2326:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!CodeSet_Utf8FormDToUtf8FormC(myTargetName, strlen(myTargetName),
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:2355:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameStatus = HgfsServerPolicy_GetShareMode(shareName, strlen(shareName),
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:3260:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(dent->d_name);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:3520:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLen = strlen(originalDent->d_name);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:3587:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(dirEntry->d_name);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:4189:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
error = read(file, payload, requiredSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:4219:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
error = read(file, payload, requiredSize);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c:4953:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fileDirName) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.c:5723:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t shareNameLen = strlen(shareName);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.c:5724:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result += strlen(fileName) + 1 + shareNameLen;
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.c:5960:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t shareNameLen = strlen(shareName) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServer/hgfsServerParameters.c:5961:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fileNameLen = strlen(fileName) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServerPolicyGuest/hgfsServerPolicyGuest.c:195:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rootShare->pathLen = strlen(rootShare->path);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsServerPolicyGuest/hgfsServerPolicyGuest.c:196:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rootShare->nameLen = strlen(rootShare->name);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsUri/hgfsUriPosix.c:85:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
UnicodeIndex relativePathStart = strlen(sharesDefaultRootPath);
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsUri/hgfsUriPosix.c:86:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(pathName) > relativePathStart
data/open-vm-tools-11.2.0/open-vm-tools/lib/hgfsUri/hgfsUriPosix.c:91:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HgfsEscape_Undo(relativeSharePath, strlen(relativeSharePath) + 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/asyncsocket.h:622:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int AsyncSocket_DoOneMsg(AsyncSocket *s, Bool read, int timeoutMS);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/codeset.h:419:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!CodeSet_Utf8ToUtf16le(str, strlen(str), (char **) &strW, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/dynbuf.h:312:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return DynBuf_Append(buf, string, strlen(string) + 1 /* NUL */);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/dynbuf.h:340:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DynBuf_SafeAppend(buf, string, strlen(string) + 1 /* NUL */);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/iovector.h:60:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Bool read; /* is it a readv operation? else it's write */
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/iovector.h:89:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Bool read);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/memaligned.h:225:10: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
buf = memalign(PAGE_SIZE, size);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/sslDirect.h:56:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define SSLGeneric_read(sock,buf,num) read(sock, buf, num)
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/utilZero.h:213:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Util_Zero(str, strlen(str));
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/utilZero.h:305:22: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Util_Zero(str, wcslen(str) * sizeof *str);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_atomic.h:1879:9: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
Bool equal;
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_atomic.h:1887:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
"=qm" (equal),
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_atomic.h:1931:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
: "=qm" (equal),
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_atomic.h:1954:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
"=qm" (equal),
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_atomic.h:1965:11: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return equal;
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_atomic.h:2002:9: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
Bool equal;
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_atomic.h:2009:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
"=qm" (equal),
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_atomic.h:2015:11: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return equal;
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vm_basic_defs.h:494:1: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(unsigned long usec)
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmblock_user.h:88:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathLength = strlen(path);
data/open-vm-tools-11.2.0/open-vm-tools/lib/include/vmci_sockets.h:910:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(io.u2c_uuid_string, uuidString, sizeof io.u2c_uuid_string - 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/base64.c:282:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((bufMax > strlen(test->out)) && (bufSize < strlen(test->out))) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/base64.c:282:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((bufMax > strlen(test->out)) && (bufSize < strlen(test->out))) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/base64.c:284:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
test->in, bufSize, strlen(test->out));
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/base64.c:293:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = Base64_Encode(test->out, strlen(test->out),
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/base64.c:297:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bufMax <= strlen(test->in) && r == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/base64.c:298:106: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("Good: %s. Failed for bufMax %"FMTSZ"u (required %"FMTSZ"u)\n", test->out, bufMax, strlen(test->in));
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/base64.c:300:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!r || bufSize != strlen(test->in) ||
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/base64.c:614:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
theDataSize = Base64_DecodedLength(src, strlen(src));
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:347:37: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcslen(shortPathW) * sizeof *shortPathW,
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:489:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t length = strlen(icuDataDir);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:495:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!DynBuf_Append(&dbpath, DIRSEPS, strlen(DIRSEPS))) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:499:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!DynBuf_Append(&dbpath, ICU_DATA_FILE, strlen(ICU_DATA_FILE)) ||
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:538:26: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcslen(modPath) * sizeof(utf16_t)) ||
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:540:26: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcslen(DIRSEPS_W) * sizeof(utf16_t)) ||
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:542:26: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcslen(ICU_DATA_FILE_W) * sizeof(utf16_t)) ||
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:596:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (DynBuf_Append(&dbpath, modPath, strlen(modPath)) &&
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:597:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DynBuf_Append(&dbpath, DIRSEPS, strlen(DIRSEPS)) &&
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:599:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ICU_DATA_FILE)) &&
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:620:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!DynBuf_Append(&dbpath, icuDataDir, strlen(icuDataDir))) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:631:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& DynBuf_Append(&dbpath, icuDir, strlen(icuDir));
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:641:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!DynBuf_Append(&dbpath, POSIX_ICU_DIR, strlen(POSIX_ICU_DIR)) ||
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:642:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!DynBuf_Append(&dbpath, "/icu", strlen("/icu"))) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:647:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!DynBuf_Append(&dbpath, DIRSEPS, strlen(DIRSEPS)) ||
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codeset.c:648:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!DynBuf_Append(&dbpath, ICU_DATA_FILE, strlen(ICU_DATA_FILE)) ||
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codesetBase.c:158:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = p + strlen(utf8);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codesetBase.c:202:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = p + strlen(utf8);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codesetBase.c:267:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = p + strlen(utf8);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/codesetOld.c:602:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DynBuf_SetSize(db, strlen((char *)DynBuf_Get(db)));
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/dynbuf.c:114:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/escape.c:105:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escStrLen = strlen(escStr);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/escape.c:458:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out = Escape_AnsiToUnix(tests[i].in, strlen(tests[i].in), NULL);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/escape.c:772:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (buf[read] != '\0') {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/escape.c:773:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (buf[read] == '\\') {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/escape.c:782:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} else if (sscanf(&buf[read], "\\%03o", &val) == 1) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/escape.c:786:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buf[write] = buf[read];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/escape.c:789:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buf[write] = buf[read];
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/escape.c:820:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out = Escape_Sh(tests[i].in, strlen(tests[i].in), NULL);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:536:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lastCharPos = strlen(osNameFull) - 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:1397:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, distroOrig, bufSize) != bufSize) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:1432:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpDistroPos += strlen(values[i].name) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:2357:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(line, "processor", strlen("processor")) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:2759:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof buf);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3080:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int res = read(pipeFds[0], &err, sizeof err);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3337:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = s + strlen(s);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3822:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(fd, buf, sizeof buf - 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3877:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(string);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/hostinfoPosix.c:3929:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buffer, sizeof buffer - 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/idLinux.c:580:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
actual = read(fds[0], (void *)&data + rcvd, sizeof data - rcvd);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/idLinux.c:637:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t actual = read(fds[1], &buf, sizeof buf);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/idLinux.c:892:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
environmentItems[0].valueLength = strlen(localizedDescription);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/iovector.c:66:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Log("%s\n", iov->read ? "READ" : "WRITE");
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/iovector.c:104:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(iov->read);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/iovector.c:217:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Bool read) // IN
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/iovector.c:222:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
v->read = read;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:1730:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rawNameLen = strlen(rawName) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:1731:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rawValueLen = strlen(rawValue) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:2078:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(fsname) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:2088:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(dir) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:2098:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(type) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPosix.c:2108:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(opts) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:300:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t needLen = strlen(src) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:561:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flen = strlen(orig->gr_mem[i]) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:812:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(pwname) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:822:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(passwd) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:832:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(gecos) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:842:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(dir) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:852:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(shell) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:1100:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(grname) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:1110:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(grpasswd) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/posixPwd.c:1121:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(grmem[i]) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/random.c:135:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t bytesRead = read(fd, buffer, size);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/sleep.c:61:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(usec);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:101:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(*index <= strlen(str));
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:891:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return Str_Strncasecmp(s, prefix, strlen(prefix)) == 0;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:922:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:923:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
suffixlen = strlen(suffix);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:961:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:962:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
suffixlen = strlen(suffix);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:1193:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t plen = (*prefix == NULL) ? 0 : strlen(*prefix);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:1194:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(str);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:1303:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(res);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:1353:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenWhat = strlen(what);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:1354:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenWith = strlen(with);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:1362:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenNew = strlen(orig) + (lenWith - lenWhat) * occurrences;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:1377:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(tmp, orig, strlen(orig));
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:1586:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int itemLen = strlen(item);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:1597:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tokenLen = strlen(list);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/strutil.c:1722:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int maxSize = strlen(list) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/timeutil.c:148:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(date) == 8) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/timeutil.c:151:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(date) == 10) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/timeutil.c:865:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str[strlen(str) - 1] = '\0'; // Remove the trailing '\n'.
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/timeutil.c:1283:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(date) != 8) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/timeutil.c:1286:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(date); i++) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/util_misc.c:339:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!path || strlen(path) < 2) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/util_misc.c:631:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chunkSize[0] = strlen(chunks[0]);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/util_misc.c:727:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chunkSize[i] = strlen(expand);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/util_misc.c:911:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(path),
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/vmstdio.c:91:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(stream);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/vmstdio.c:118:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(stream);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/vthreadBase.c:478:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (vmx86_debug && strlen(name) >= VTHREADBASE_MAX_NAME) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/vthreadBase.c:491:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vthreadName, name, sizeof vthreadName - 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/misc/vthreadBase.c:513:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, name, VTHREADBASE_MAX_NAME - 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/nicInfo/nicInfoPosix.c:272:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(label);
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:80:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
PollEntryInfo read;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:172:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(_e), (_e)->read.cb, (_e)->read.clientData, \
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:172:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(_e), (_e)->read.cb, (_e)->read.clientData, \
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:173:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(_e)->read.flags, (_e)->type); \
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:386:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
PollGtkEntryInfoMatches(¤t->read, search);
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:453:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (entry->read.cb && entry->read.timesNotFired > 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:453:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (entry->read.cb && entry->read.timesNotFired > 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:614:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(entry->read.cb && entry->read.flags & POLL_FLAG_SOCKET);
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:614:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(entry->read.cb && entry->read.flags & POLL_FLAG_SOCKET);
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:618:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
entry->read.timesNotFired = 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:692:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (POLL_FLAG_READ & entry->read.flags) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:705:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((entry->read.flags | entry->write.flags) & POLL_FLAG_SOCKET) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:708:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (entry->read.flags & POLL_FLAG_READ) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:714:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} else if ((entry->read.flags | entry->write.flags) & POLL_FLAG_FD) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:760:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (foundEntry->read.flags) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:762:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
newEntry->read = foundEntry->read;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:874:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*foundClientData = foundEntry->read.clientData;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1026:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
newEntry->read.flags = flags;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1027:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
newEntry->read.cb = f;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1028:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
newEntry->read.clientData = clientData;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1029:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
newEntry->read.cbLock = lock;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1030:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
newEntry->read.classSet = classSet;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1056:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(foundEntry->read.cb != NULL);
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1057:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
newEntry->read = foundEntry->read;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1060:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(foundEntry->read.flags == 0);
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1061:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(foundEntry->read.cb == NULL);
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1071:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT(((newEntry->read.flags ^ newEntry->write.flags) & POLL_FLAG_SOCKET)
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1226:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (eventEntry->read.cb &&
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1228:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cbFunc = eventEntry->read.cb;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1229:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
clientData = eventEntry->read.clientData;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1230:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cbLock = eventEntry->read.cbLock;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1231:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = (eventEntry->read.flags & POLL_FLAG_PERIODIC) != 0;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1268:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
eventEntry->read.timesNotFired++;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1277:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
eventEntry->read.timesNotFired == 1) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1317:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} else if (!fireWriteCallback && eventEntry->read.timesNotFired > 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1318:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
eventEntry->read.timesNotFired = 0;
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1350:66: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} else if (!fireWriteCallback && eventEntry && eventEntry->read.cb &&
data/open-vm-tools-11.2.0/open-vm-tools/lib/pollGtk/pollGtk.c:1351:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(eventEntry->read.flags & POLL_FLAG_SOCKET)) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:183:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
numRead = read(fd, tmp, sizeof(tmp));
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:211:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
numRead = read(fd, tmp, sizeof(tmp));
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:346:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(ent->d_name, "0123456789") != strlen(ent->d_name)) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:594:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(cmdLineTemp) - 1 ;
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:762:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(kp->ki_comm) + 1 < sizeof kp->ki_comm) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:779:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!DynBuf_Append(&dbuf, *cmdLineTemp, strlen(*cmdLineTemp))) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:960:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmdLineTemp += strlen(cmdLineTemp) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:999:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!DynBuf_Append(argsBuf, argUnicode, strlen(argUnicode))) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:1168:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(kptmp->kp_proc.p_comm) + 1 < sizeof kptmp->kp_proc.p_comm) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:1438:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!CodeSet_Utf8ToCurrent(cmd, strlen(cmd), &cmdCurrent, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:1444:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!CodeSet_Utf8ToCurrent(workingDir, strlen(workingDir), &workDir, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:1805:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(readFd, &resultPid, sizeof resultPid) != sizeof resultPid) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:1921:19: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:1929:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:2154:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(asyncProc->fd, &status, sizeof status) != sizeof status) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrPosix.c:2159:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(asyncProc->fd, &asyncProc->exitCode,
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrSolaris.c:162:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
numRead = read(psInfoFd, &procInfo, sizeof procInfo);
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrSolaris.c:176:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(procInfo.pr_fname) + 1 < sizeof procInfo.pr_fname) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrSolaris.c:194:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(procInfo.pr_psargs) + 1 >= sizeof procInfo.pr_psargs) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrSolaris.c:350:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DynBuf_Append(&cmdLine, buf, strlen(buf));
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrSolaris.c:457:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextArgOff = argOff + strlen(argBuf) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrSolaris.c:458:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argBufPtr = argBuf + strlen(argBuf);
data/open-vm-tools-11.2.0/open-vm-tools/lib/procMgr/procMgrSolaris.c:466:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(argBuf) + 1)) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/rpcChannel.c:373:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!DynXdr_AppendRaw(&xdrs, cmd, strlen(cmd))) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/rpcChannel.c:440:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLen = strlen(name);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/rpcChannel.c:608:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(rpc->name != NULL && strlen(rpc->name) > 0);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/rpcChannel.c:783:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data->resultLen = strlen(data->result);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/rpcChannel.c:809:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data->resultLen = strlen(data->result);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/rpcChannel.c:1188:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*resultLen = strlen(*result);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/rpcChannel.c:1197:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*resultLen = strlen(*result);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/rpcChannel.c:1205:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*resultLen = strlen(*result);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/simpleSocket.c:417:10: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcChannel/vsockChannel.c:303:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*repLen = strlen(*reply);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcIn/rpcin.c:338:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p->length = strlen(name);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcIn/rpcin.c:1346:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
resultLen = strlen(result);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcIn/rpcin.c:1353:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
resultLen = strlen(result);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcIn/rpcin.c:1358:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
statusLen = strlen(statusStr);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcIn/rpcin.c:1909:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*resultLen = strlen(*result);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcOut/rpcout.c:250:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*repLen = strlen(*reply);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcOut/rpcout.c:257:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*repLen = strlen(*reply);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcOut/rpcout.c:266:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*repLen = strlen(*reply);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcOut/rpcout.c:434:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
myRepLen = strlen(myReply);
data/open-vm-tools-11.2.0/open-vm-tools/lib/rpcVmx/rpcvmx.c:66:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t prefixLen = strlen(prefix);
data/open-vm-tools-11.2.0/open-vm-tools/lib/slashProc/net.c:887:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(ip6String) == 32);
data/open-vm-tools-11.2.0/open-vm-tools/lib/sslDirect/sslStubs.c:111:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(sslSock->fd, buf, num);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:296:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:407:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((subLen = strlen(sub)) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:453:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufLen = strlen(buf);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:454:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srcLen = strlen(src);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:507:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufLen = strlen(buf);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:511:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufLen + strlen(src) < bufSize)) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:520:11: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
return strncat(buf, src, n);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:633:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t bufSize = strlen(format);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:899:10: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wcslen(src);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:931:13: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufLen = wcslen(buf);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:932:13: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srcLen = wcslen(src);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:970:20: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t bufLen = wcslen(buf);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:985:17: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufLen + wcslen(src) >= bufSize) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:994:11: [1] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
return wcsncat(buf, src, n);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:1030:14: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufSize = wcslen(format);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:1282:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int expectedCount = strlen(expected);
data/open-vm-tools-11.2.0/open-vm-tools/lib/string/str.c:1318:24: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int expectedCount = wcslen(expected);
data/open-vm-tools-11.2.0/open-vm-tools/lib/system/systemLinux.c:752:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
itemSize = strlen(key) + strlen(value) + sizeof "=";
data/open-vm-tools-11.2.0/open-vm-tools/lib/system/systemLinux.c:752:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
itemSize = strlen(key) + strlen(value) + sizeof "=";
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeCommon.c:200:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeICU.c:265:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int32_t utf8SrcLen = strlen(utf8Src);
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeICU.c:354:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int32_t utf8SrcLen = strlen(utf8Src);
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeICU.c:447:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int32_t utf8SrcLen = strlen(utf8Src);
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleBase.c:378:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen((const char *)str);
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleBase.c:421:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen((const char *)utf8) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleBase.c:538:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(utf8Str);
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleBase.c:564:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(utf8Str),
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleBase.c:588:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!CodeSet_GenericToGeneric("UTF-8", utf8Str, strlen(utf8Str),
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleBase.c:816:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf16 = Util_SafeMalloc(sizeof *utf16 * (strlen(asciiBytes) + 1));
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleTypes.c:2436:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = Util_SafeMalloc(strlen(encodingName) + 1);
data/open-vm-tools-11.2.0/open-vm-tools/lib/unicode/unicodeSimpleTypes.c:2817:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(250 * 1000);
data/open-vm-tools-11.2.0/open-vm-tools/lib/user/util.c:828:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!Util_IsAbsolutePath(name) && strlen(path) > 0 &&
data/open-vm-tools-11.2.0/open-vm-tools/lib/user/util.c:867:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) > 0 && strcmp(path, ".") != 0) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/wiper/wiperPosix.c:228:18: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
} else if (sscanf(buf, "%d %61s\n", &major, device + 1) == 2) {
data/open-vm-tools-11.2.0/open-vm-tools/lib/wiper/wiperPosix.c:571:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = &mntpt[strlen(mntpt) - 1];
data/open-vm-tools-11.2.0/open-vm-tools/lib/wiper/wiperPosix.c:577:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(mntpt);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:301:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int msg_size = strlen(CABCOMMANDLOG) + 1 + strlen(errMsg) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:301:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int msg_size = strlen(CABCOMMANDLOG) + 1 + strlen(errMsg) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:314:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg = malloc(strlen(CABCOMMANDLOG) + 1);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:507:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data = malloc(strlen(token) + 1);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:649:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sz = read(fd, &hdr, sizeof(VMwareDeployPkgHdr));
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:705:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int fileNameSize = strlen(STATE_FILE_PATH_BASENAME) + 1 /* For '.' */ +
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:706:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(state) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:748:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int fileNameSize = strlen(STATE_FILE_PATH_BASENAME) + 1 /* For '.' */ +
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:749:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(state) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:851:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int fileNameSize = strlen(dir) + strlen(nicFile) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:851:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int fileNameSize = strlen(dir) + strlen(nicFile) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1183:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cfgFullPathSize = strlen(dirPath) + 1 /* For '/' */ + sizeof(cfgName);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1232:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cleanupCommandSize = strlen(CLEANUPCMD) + strlen(imcDirPath) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1232:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cleanupCommandSize = strlen(CLEANUPCMD) + strlen(imcDirPath) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1306:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
imcDirPathSize = strlen(baseDirPath) + strlen(IMC_DIR_PATH_PATTERN) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1306:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
imcDirPathSize = strlen(baseDirPath) + strlen(IMC_DIR_PATH_PATTERN) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1561:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((rdCount = read(pkgFd, copyBuf, sizeof copyBuf)) > 0) {
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1590:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stderr) > 0) {
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1624:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char token[strlen(command) + 1];
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1631:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(command); ++i) {
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1634:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < (strlen(command) - 1)) {
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1649:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(token, 0, strlen(command));
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1674:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* arg = malloc(strlen(l->data) + 1);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/linuxDeployment.c:1748:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(Process_GetStderr(hp)) > 0) {
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/mspackWrapper.c:180:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char fileName[strlen(file->filename)+1];
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/mspackWrapper.c:184:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(destDirectory)+ 1 + strlen(fileName)+ 1;
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/mspackWrapper.c:184:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(destDirectory)+ 1 + strlen(fileName)+ 1;
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/mspackWrapper.c:327:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
oldMask = umask(0027);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/mspackWrapper.c:331:4: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(oldMask);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/processPosix.c:260:10: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(LoopSleepMicrosec);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/processPosix.c:319:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t count = read(fd, buf, sizeof buf);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/processPosix.c:323:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
currSize = strlen(*saveTo);
data/open-vm-tools-11.2.0/open-vm-tools/libDeployPkg/processPosix.c:346:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/open-vm-tools-11.2.0/open-vm-tools/libappmonitor/vmGuestAppMonitorLib.c:363:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(gChan, cmd, strlen(cmd), &reply, &replyLen)) {
data/open-vm-tools-11.2.0/open-vm-tools/libappmonitor/vmGuestAppMonitorLib.c:430:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(gChan, cmd, strlen(cmd), &reply, &replyLen)) {
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmGuestLib.c:1235:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(dataV2->resourcePoolPath.value) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmGuestLib.c:1253:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(stat->GuestLibV3Stat_u.resourcePoolPath.value) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmGuestLib.c:1857:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!DynXdr_AppendRaw(&xdrs, request, strlen(request)) ||
data/open-vm-tools-11.2.0/open-vm-tools/libguestlib/vmGuestLib.c:1967:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = RpcChannel_SendOneRaw(commandBuf, strlen(commandBuf),
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/i18n.c:580:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!Unicode_IsBufferValid(name, strlen(name) + 1, STRING_ENCODING_UTF8) ||
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/i18n.c:581:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!Unicode_IsBufferValid(value, strlen(value) + 1, STRING_ENCODING_UTF8)) {
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/signalSource.c:80:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t nbytes = read(gHandler.wakeupFd.fd, &info, sizeof info);
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/vmtoolsLog.c:862:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/vmtoolsLog.c:1084:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(domain) > MAX_DOMAIN_LEN) {
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/vmtoolsLog.c:1087:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(domain) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/libvmtools/vmtoolsLog.c:1460:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
domain[strlen(domain) - 6] = '\0';
data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmmemctl/kernelStubsBSD.c:117:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t srcLen = strlen(src);
data/open-vm-tools-11.2.0/open-vm-tools/modules/freebsd/vmmemctl/kernelStubsBSD.c:195:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufSize = strlen(format);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmblock/vfsops.c:586:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(stats->f_basetype, VMBLOCK_FS_NAME, sizeof stats->f_basetype - 1);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmblock/vfsops.c:587:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(stats->f_fstr, VMBLOCK_FS_NAME, sizeof stats->f_fstr - 1);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmblock/vnops.c:396:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = VMBlockVnodeGet(vpp, realVp, nm, strlen(nm), dvp, dvp->v_vfsp, FALSE);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/filesystem.c:635:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(stats->f_basetype, HGFS_FS_NAME, sizeof stats->f_basetype - 1);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/filesystem.c:636:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(stats->f_fstr, HGFS_FS_NAME, sizeof stats->f_fstr - 1);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/hgfsState.c:1239:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fileName);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/kernelStubsSolaris.c:92:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/kernelStubsSolaris.c:173:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufSize = strlen(format);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:1788:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((sizeof *request + strlen(srcFullPath) + strlen(dstFullPath))
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:1788:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((sizeof *request + strlen(srcFullPath) + strlen(dstFullPath))
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:2270:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = HgfsEscape_Do(nameBuf, strlen(nameBuf), sizeof escName, escName);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:5392:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path, pathLen, file, (long) strlen(file));
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:5442:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int fileLen = strlen(file);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmhgfs/vnode.c:5661:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = HgfsEscape_Do(nameBuf, strlen(nameBuf), MAXNAMELEN, escName);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmmemctl/kernelStubsSolaris.c:92:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmmemctl/kernelStubsSolaris.c:173:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufSize = strlen(format);
data/open-vm-tools-11.2.0/open-vm-tools/modules/solaris/vmxnet/vmxnet.c:2087:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dp->drvName, drvName, sizeof dp->drvName - 1);
data/open-vm-tools-11.2.0/open-vm-tools/namespacetool/namespacetool.c:315:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!DynBuf_Append(&buf, nscmd, strlen(nscmd)) ||
data/open-vm-tools-11.2.0/open-vm-tools/namespacetool/namespacetool.c:321:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(nsOptions->oldValueToSet) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/namespacetool/namespacetool.c:342:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(nsOptions->valueToSet) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/namespacetool/namespacetool.c:405:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/appInfo/appInfo.c:145:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return Escape_DoString("\\u00", bytesToEscape, str, strlen(str),
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/appInfo/appInfo.c:185:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(msg) + 1,
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkg.c:239:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(ctx->rpc, msg, strlen(msg), &result, &resultLen)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkg.c:257:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(ctx->rpc, msg, strlen(msg), NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkg.c:316:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(ctx->rpc, msg, strlen(msg), NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkg.c:329:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pkgEnd = pkgStart + strlen(pkgStart);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkg.c:340:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(ctx->rpc, msg, strlen(msg), NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkg.c:360:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(ctx->rpc, msg, strlen(msg), NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/deployPkg/deployPkgLog.c:168:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fmtstrLen = strlen(fmtstr);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/desktopEvents/sessionMgr.c:331:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
values[PROP_ID_USER_ID].length = strlen(pw->pw_name);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c:457:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(selection_data->data);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c:471:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(gtk_selection_data_get_data(selection_data));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c:595:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(gHostClipboardBuf);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c:603:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(gHostClipboardBuf),
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c:686:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
primaryLen = strlen(gGuestSelPrimaryBuf);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c:687:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clipboardLen = strlen(gGuestSelClipboardBuf);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteCompatX11.c:715:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((char *)p);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/copyPasteUIX11.cpp:1668:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(fd, buf, sizeof(VMBLOCK_FUSE_READ_RESPONSE));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c:470:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameSize = strlen(nameIn);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c:644:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t end = strlen(str);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndLinux.c:271:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(schemes[i])) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndLinux.c:481:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(blockFd, buf, sizeof(VMBLOCK_FUSE_READ_RESPONSE));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dnd/dndXdg.c:259:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
VERIFY(strlen(completePath) < PATH_MAX);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/dndGuest/dndCPTransportGuestRpc.cpp:376:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rpcSize = strlen(cmd) + 1 + length;
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/fakeMouseWayland/fakeMouseWayland.cpp:156:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100 * 1000);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/fakeMouseWayland/fakeMouseWayland.cpp:331:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100 * 1000);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.cpp:156:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(ctx->rpc, toolsDnDVersion, strlen(toolsDnDVersion),
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.cpp:166:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(vmxDnDVersion), &reply, &replyLen)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.cpp:184:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(toolsDnDVersion), NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.cpp:203:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(toolsCopyPasteVersion),
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.cpp:213:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(vmxCopyPasteVersion), &reply, &replyLen)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.cpp:233:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(toolsCopyPasteVersion), NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.cpp:266:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(QUERY_VMX_COPYPASTE_VERSION), &reply, &replyLen)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.cpp:298:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(QUERY_VMX_DND_VERSION), &reply, &replyLen)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/dndcp/vmCopyPasteDnDWrapper.cpp:333:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("dnd.is.active"), &reply, &replyLen) &&
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:164:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
devName, strlen(devName));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:265:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cPtr = &buffer[strlen(buffer) -1];
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:1050:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(error)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:1056:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(part->mountPoint) + 1 > partNameSize) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/diskInfo.c:1071:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
part->fsType, strlen(part->fsType));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:317:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(ctx->rpc, rpcMsg, strlen(rpcMsg) + 1,
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:609:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
detailedGosDataLen = strlen(detailedGosData);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:900:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
headerLen = strlen(header);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:986:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!DynXdr_AppendRaw(&xdrs, request, strlen(request)) ||
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:1046:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msgLength += strlen(request);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:1049:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(message, request, strlen(request));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:1050:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(message + strlen(request), info, infoLength);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:1295:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pdi->partitionList[i].name));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:1369:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
status = RpcChannel_Send(ctx->rpc, infoReq, strlen(infoReq) + 1, &reply,
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:1469:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = strlen(request);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:1732:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
status = RpcChannel_Send(ctx->rpc, msg, strlen(msg) + 1, &reply, &replyLen);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c:2328:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = RpcChannel_Send(ctx->rpc, msg, strlen(msg) + 1, NULL, NULL);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/guestInfo/perfMonLinux.c:1032:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nameSpaceLen = strlen(NameSpace) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/hgfsServer/hgfsPlugin.c:166:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ctx->rpc && !RpcChannel_Send(ctx->rpc, msg, strlen(msg) + 1, NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/hgfsServer/hgfsPlugin.c:480:31: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DWORD remoteNameCharSize = wcslen(netRes->lpRemoteName) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/powerOps/powerOps.c:204:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(state->ctx->rpc, msg, strlen(msg) + 1,
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/powerOps/powerOps.c:467:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(script) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/powerOps/powerOps.c:491:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
script[strlen(script) - 1] = '\0';
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionKMS/resolutionKMS.c:275:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(chan, msg, strlen(msg), NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionKMS/resolutionKMS.c:300:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(chan, msgClear, strlen(msgClear), NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionCommon.c:425:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
curFileChar = fgetc(driver);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionRandR12.c:732:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
modeInfo = XRRAllocModeInfo(name, strlen(name));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/resolutionSet/resolutionSet.c:398:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(chan, msg, strlen(msg), NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c:261:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(NSDB_PRIV_SET_KEYS_CMD)) ||
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c:272:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!DynBuf_Append(&buf, timeStamp, strlen(timeStamp)) ||
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c:354:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(NSDB_PRIV_GET_VALUES_CMD)) ||
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c:409:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(NSDB_PRIV_SET_KEYS_CMD)) ||
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscoveryPosix.c:173:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
status = WriteData(ctx, key, chunkCount, strlen(chunkCount));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/foundryToolsDaemon.c:965:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sentResult = RpcChannel_Send(ctx->rpc, msg, strlen(msg) + 1, NULL, NULL);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/foundryToolsDaemon.c:1087:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
destPtr = tcloBuffer + strlen(tcloBuffer);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/foundryToolsDaemon.c:1111:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data->resultLen = strlen(tcloBuffer) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:1324:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(envVars[i]) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:1507:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stopProgramFileName = startProgramFileName + strlen(startProgramFileName);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:1724:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stopProgramFileName = startProgramFileName + strlen(startProgramFileName);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:4442:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
names += strlen(names) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:6448:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
resultBufferSize += strlen(VIX_XML_ESCAPED_TAG);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:6452:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
formatStringLength = strlen(fileInfoFormatString);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:6707:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
resultBufferSize += strlen(listFilesRemainingFormatString) + 10;
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:6860:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fileExtendedInfoBufferSize = strlen(fileExtendedInfoWindowsFormatString);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:6862:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fileExtendedInfoBufferSize = strlen(fileExtendedInfoLinuxFormatString);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:6957:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
resultBufferSize = strlen(fileInfoFormatString)
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:7717:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writeResult = _write(fd, script, (unsigned int)strlen(script));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:7719:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writeResult = write(fd, script, strlen(script));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:7902:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ticketLength != strlen(credentialField)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:9437:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(propertyPtr->value.strValue) < sizeof ipAddr) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:9449:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(propertyPtr->value.strValue) < sizeof subnetMask) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:11296:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
resultValueLength = strlen(resultValue);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:11653:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return Escape_Do(VIX_XML_ESCAPE_CHARACTER, bytesToEscape, str, strlen(str),
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixTools.c:11702:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(str);
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixToolsEnvVars.c:415:28: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(wcslen(envVar) + 1) * sizeof(*envVar));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vix/vixToolsEnvVars.c:550:15: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
currPos += wcslen(L"foo=bar") + 1;
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/stateMachine.c:193:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(msg) + 1,
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/stateMachine.c:246:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg, strlen(msg) + 1,
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/stateMachine.c:250:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (resultLen > strlen(privErr) &&
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/stateMachine.c:251:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(result, privErr, strlen(privErr)) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/stateMachine.c:274:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg, strlen(msg) + 1,
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/stateMachine.c:1266:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(paramsV1->scriptArg));
data/open-vm-tools-11.2.0/open-vm-tools/services/plugins/vmbackup/stateMachine.c:1269:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(paramsV1->diskUuids));
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/cmdLine.c:115:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
g_printerr(SU_(cmdline.cmdfile.read,
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/mainLoop.c:289:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(value) + 1, NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/mainLoop.c:301:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(value) + 1, NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/mainLoop.c:313:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(value) + 1, NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/mainLoop.c:325:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(value) + 1, NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/mainLoop.c:811:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pluginPath),
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsHangDetector.c:179:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!RpcChannel_Send(chan, msg, strlen(msg), NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsRpc.c:77:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(state->ctx.rpc, msg, strlen(msg) + 1, NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsRpc.c:90:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
RpcChannel_Send(state->ctx.rpc, msg, strlen(msg) + 1, NULL, NULL);
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsRpc.c:212:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(state->ctx.rpc, msg, strlen(msg) + 1, NULL, NULL)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsRpc.c:255:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(state->ctx.rpc, toolsVersion, strlen(toolsVersion) + 1,
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsRpc.c:281:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(state->ctx.rpc, toolsVersion, strlen(toolsVersion) + 1,
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsRpc.c:322:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (option != NULL && value != NULL && strlen(value) != 0) {
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsRpc.c:459:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(chan, tmp, strlen(tmp) + 1, &result, &resultLen)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsRpc.c:478:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(chan, tmp, strlen(tmp), &result, &resultLen)) {
data/open-vm-tools-11.2.0/open-vm-tools/services/vmtoolsd/toolsRpc.c:506:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!RpcChannel_Send(chan, newcaps, strlen(newcaps) + 1, &result, &resultLen)) {
data/open-vm-tools-11.2.0/open-vm-tools/tests/testVmblock/manual-blocker.c:76:17: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char op = getchar();
data/open-vm-tools-11.2.0/open-vm-tools/tests/testVmblock/vmblocktest.c:236:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, files[i].blockerName, sizeof buf - 1);
data/open-vm-tools-11.2.0/open-vm-tools/tests/testVmblock/vmblocktest.c:238:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, FILENAME, sizeof buf - strlen(files[i].blockerName));
data/open-vm-tools-11.2.0/open-vm-tools/tests/testVmblock/vmblocktest.c:238:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buf, FILENAME, sizeof buf - strlen(files[i].blockerName));
data/open-vm-tools-11.2.0/open-vm-tools/tests/vmrpcdbg/vmrpcdbg.c:264:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen(str);
data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxcmd-devices.c:167:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (GetDeviceInfo(i, &info) && strlen(info.name) > 0) {
data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxcmd-info.c:73:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!DynXdr_AppendRaw(&xdrs, request, strlen(request)) ||
data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxcmd-scripts.c:169:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(entry);
data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxcmd-shrink.c:439:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(err) > 0) {
data/open-vm-tools-11.2.0/open-vm-tools/toolbox/toolboxcmd-time.c:86:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ToolsCmd_SendRPC(msg, strlen(msg) + 1, reply, replyLen);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/cli/main.c:822:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(longName);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.c:217:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b = g_strstr_len(result, strlen(result), "--\n");
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.c:220:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(b) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.c:280:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cleanCertStr);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.c:282:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sslCertHeader) +
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.c:283:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sslCertFooter) +
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.c:293:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(result, sslCertHeader, strlen(sslCertHeader));
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.c:294:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpCertStr = result + strlen(sslCertHeader);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.c:308:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(tmpCertStr, sslCertFooter, strlen(sslCertFooter));
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.c:343:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pemCert);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.c:344:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len < strlen(sslCertHeader)) {
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/certverify.c:352:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (memcmp(sslCertHeader, pemCert, strlen(sslCertHeader)) != 0) {
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/usercheck.c:364:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(userName);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/common/vmxlog.c:256:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(cmd);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/comm.c:340:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return VGAuth_NetworkWriteBytes(ctx, strlen(packet), packet);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/comm.c:461:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufLen = strlen(buffer);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/comm.c:468:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctx->comm.testBuffer, buffer, sizeof ctx->comm.testBuffer - 1);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/lib/proto.c:1149:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(VGAUTH_XML_PREAMBLE)) == 0);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/fileLogger.c:252:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_atomic_int_add(&data->logSize, (int) strlen(message));
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/log.c:208:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msg);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/log.c:276:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) WriteFile(h, msg, (DWORD) strlen(msg), &written, NULL);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/servicePosix.c:379:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int res = read(pipeFds[0], &err, sizeof err);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/servicePosix.c:442:11: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void) umask(0);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/service/signalSource.c:91:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t nbytes = read(sigHandler.wakeupFd.fd, &info, sizeof info);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/alias.c:827:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, bp, toRead);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/alias.c:3133:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
userName += strlen(ALIASSTORE_FILE_PREFIX);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/netPosix.c:132:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(conn->pipeName) < UNIX_PATH_MAX);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:1068:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(VGAUTH_XML_PREAMBLE)) == 0);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:1470:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) ServiceNetworkWriteData(conn, strlen(packet), packet);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:1534:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ServiceNetworkWriteData(conn, strlen(packet), packet);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:1585:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err2 = ServiceNetworkWriteData(conn, strlen(packet), packet);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:1637:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ServiceNetworkWriteData(conn, strlen(packet), packet);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:1685:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ServiceNetworkWriteData(conn, strlen(packet), packet);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:1804:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ServiceNetworkWriteData(conn, strlen(packet), packet);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:1884:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ServiceNetworkWriteData(conn, strlen(packet), packet);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:1944:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ServiceNetworkWriteData(conn, strlen(packet), packet);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:2028:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ServiceNetworkWriteData(conn, strlen(packet), packet);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:2076:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ServiceNetworkWriteData(conn, strlen(packet), packet);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:2195:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = ServiceNetworkWriteData(conn, strlen(packet), packet);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/proto.c:2259:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) ServiceNetworkWriteData(conn, strlen(packet), packet);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/random.c:93:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gsize bytesRead = read(fd, buffer, size);
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/saml-xml-security-c.cpp:694:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(xmlText), "VGAuthSamlAssertion");
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c:1123:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(xmlSecSize) strlen(pemCert),
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c:1381:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(token),
data/open-vm-tools-11.2.0/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c:1384:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
doc = xmlParseMemory(token, (int)strlen(token));
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:112:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(path) > redirectPrefixLength);
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:131:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (spaceForRelativeTarget <= strlen(relativeTarget)) {
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:180:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(path, REDIRECT_DIR, strlen(REDIRECT_DIR)) != 0) {
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:260:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) > PATH_MAX) {
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:274:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(path, REDIRECT_DIR, strlen(REDIRECT_DIR)) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:284:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
statBuf->st_size = strlen(target);
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:288:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(path, NOTIFY_DIR, strlen(NOTIFY_DIR)) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:355:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(blockPath, NOTIFY_DIR, strlen(NOTIFY_DIR)) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:495:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (strncmp(path, NOTIFY_DIR, strlen(NOTIFY_DIR)) != 0)) {
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:541:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(path);
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/fsops.c:696:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(path, NOTIFY_DIR, strlen(NOTIFY_DIR)) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/vmblock-fuse/util.c:48:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = strlen(src);
data/open-vm-tools-11.2.0/open-vm-tools/vmblockmounter/vmblockmounter.c:232:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ .iov_base = mountPoint, .iov_len = strlen(mountPoint) + 1 },
data/open-vm-tools-11.2.0/open-vm-tools/vmblockmounter/vmblockmounter.c:234:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ .iov_base = sourceDir, .iov_len = strlen(sourceDir) + 1 }
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/cache.c:179:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = malloc(sizeof(HgfsAttrCache) + strlen(path) + 1);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/cache.c:185:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Str_Strcpy(tmp->path, path, strlen(path) + 1);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/cache.c:379:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = malloc(sizeof(HgfsAttrCache) + strlen(path) + 1);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/cache.c:385:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Str_Strcpy(tmp->path, path, strlen(path) + 1);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/config.c:233:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
modulesDepDataSize = read(modulesDepFd,
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/config.c:288:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
procFilesystemsDataSize = read(procFilesystemsFd,
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/config.c:414:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(arg, HOSTNAME_PREFIX, strlen(HOSTNAME_PREFIX)) == 0) {
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/config.c:415:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *p = arg + strlen(HOSTNAME_PREFIX);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/config.c:424:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q = gState->basePath + strlen(gState->basePath) - 1;
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/config.c:428:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gState->basePathLen = strlen(gState->basePath);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/link.c:57:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetNameBytes = strlen(symname) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/main.c:63:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = gState->basePathLen + strlen(path) + 1;
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/main.c:336:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (size > strlen(attr->fileName)) {
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/main.c:338:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(attr->fileName) + 1);
data/open-vm-tools-11.2.0/open-vm-tools/vmhgfs-fuse/main.c:1384:4: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0);
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/wrapper-freebsd.c:104:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strncmp(execPath, tmpPath, strlen(tmpPath)) != 0) ||
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/wrapper-linux.c:82:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tmpPath) + strlen("/vmtoolsd") + 1 > sizeof tmpPath) {
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/wrapper-linux.c:82:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tmpPath) + strlen("/vmtoolsd") + 1 > sizeof tmpPath) {
data/open-vm-tools-11.2.0/open-vm-tools/vmware-user-suid-wrapper/wrapper-linux.c:111:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strncmp(execPath, tmpPath, strlen(tmpPath)) != 0) ||
ANALYSIS SUMMARY:
Hits = 1609
Lines analyzed = 357289 in approximately 8.01 seconds (44588 lines/second)
Physical Source Lines of Code (SLOC) = 179607
Hits@level = [0] 345 [1] 653 [2] 732 [3] 23 [4] 182 [5] 19
Hits@level+ = [0+] 1954 [1+] 1609 [2+] 956 [3+] 224 [4+] 201 [5+] 19
Hits/KSLOC@level+ = [0+] 10.8793 [1+] 8.95845 [2+] 5.32273 [3+] 1.24717 [4+] 1.11911 [5+] 0.105787
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.