Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c
Examining data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c
Examining data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.h
Examining data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/php_oauth.h
Examining data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c
Examining data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c
Examining data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.h
Examining data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/php_oauth.h

FINAL RESULTS:

data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:330:40: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    result = php_base64_encode((unsigned char *)Z_STRVAL_P(args[1]), Z_STRLEN_P(args[1]), &retlen);
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:1123:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(z_data, data, data_len);
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:3009:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&so_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/php_oauth.h:252:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char last_location_header[OAUTH_MAX_HEADER_LEN];
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:306:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(cb->fcall_info, &fci, sizeof(zend_fcall_info));
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:681:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char additional_info[512] = "", *http_verb = NULL, *uri = NULL, *sbs = NULL, *signature = NULL, *current_uri = NULL;
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:952:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open(strong?"/dev/random":"/dev/urandom", O_RDONLY);
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:1259:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&oauth_provider_obj_hndlrs, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.h:99:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *endpoint_paths[3];
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:255:40: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    result = php_base64_encode((unsigned char *) Z_STRVAL_P(Z_REFVAL(args[1])), Z_STRLEN_P(Z_REFVAL(args[1])));
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:971:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(z_data, data, data_len);
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:2733:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&so_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/php_oauth.h:218:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char last_location_header[OAUTH_MAX_HEADER_LEN];
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:301:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(cb->fcall_info, &fci, sizeof(zend_fcall_info));
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:666:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char additional_info[512] = "", *http_verb = NULL, *uri = NULL, *current_uri = NULL;
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:940:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open(strong?"/dev/random":"/dev/urandom", O_RDONLY);
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:1189:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&oauth_provider_obj_hndlrs, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.h:93:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *endpoint_paths[3];
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:56:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    php_url_decode(var, strlen(var));
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:57:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    val_len = php_url_decode(val, strlen(val));
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:62:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    php_url_decode(var, strlen(var));
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:390:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prop_len = strlen(prop_name);
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:406:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prop_len = strlen(prop_name);
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:420:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    url_len = strlen(url);
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:674:120: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (PG(http_globals)[TRACK_VARS_GET] && SUCCESS==zend_hash_find(HASH_OF(PG(http_globals)[TRACK_VARS_GET]), arg_name, strlen(arg_name)+1, (void*)&ptr) && IS_STRING==Z_TYPE_PP(ptr)) ||
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:675:122: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (PG(http_globals)[TRACK_VARS_POST] && SUCCESS==zend_hash_find(HASH_OF(PG(http_globals)[TRACK_VARS_POST]), arg_name, strlen(arg_name)+1, (void*)&ptr) && IS_STRING==Z_TYPE_PP(ptr))
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:698:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    urlparts = php_url_parse_ex(uri, strlen(uri));
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:834:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    h = zend_hash_func((char *)arg, strlen(arg)+1);
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:835:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    zend_hash_quick_update(ht, (char *)arg, strlen(arg)+1, h, &varg, sizeof(zval *), NULL);
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:1179:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(soo->last_location_header, header + vpos, eol - vpos);
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:1279:79: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((type = php_memnstr(postval, ";type=", sizeof(";type=") - 1, postval + strlen(soo->multipart_files[i]) - 1))) {
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:1282:91: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((filename = php_memnstr(postval, ";filename=", sizeof(";filename=") - 1, postval + strlen(soo->multipart_files[i]) - 1))) {
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:1297:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CURLFORM_NAMELENGTH, (long)strlen(soo->multipart_params[i]),
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:1305:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CURLFORM_NAMELENGTH, (long)strlen(soo->multipart_params[i]),
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:1307:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CURLFORM_CONTENTSLENGTH, (long)strlen(postval),
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/oauth.c:2747:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hlen = strlen(hkey)+1;
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:28:73: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    zend_update_property(Z_OBJCE_P(provider_obj), provider_obj, prop_name, strlen(prop_name), prop TSRMLS_CC);
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:49:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(zend_hash_add(ht, required_params[idx], strlen(required_params[idx]) + 1, &tmp, sizeof(zval *), NULL)==FAILURE) {
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:67:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(zend_hash_find(ht, required_param, strlen(required_param) + 1, (void **)&dest_entry)==FAILURE) {
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:88:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(zend_hash_find(ht, required_param, strlen(required_param) + 1, (void **)&dest_entry)==FAILURE) {
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:91:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(zend_hash_add(ht, required_param, strlen(required_param) + 1, &zparam, sizeof(zval *), NULL)==FAILURE) {
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:137:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    php_url *urlparts = php_url_parse_ex(uri, strlen(uri));
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:138:73: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    uri_matched = urlparts && 0==strncmp(urlparts->path, reqtoken_path, strlen(reqtoken_path));
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:142:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    uri_matched = 0==strncmp(uri, reqtoken_path, strlen(reqtoken_path));
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:206:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    key_len = strlen(key);
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:237:3: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(auth_header),
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:958:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    n = read(fd, iv + reaped, size - reaped);
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:1043:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pr_len = Z_STRLEN_P(sbs) + strlen(out) + sizeof("&debug_sbs=");
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:1062:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pr_len = Z_STRLEN_P(missing_params) + strlen(out) + sizeof("&oauth_parameters_absent=");
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:1077:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ZVAL_STRINGL(return_value, out, strlen(out), 1);
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.c:1087:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ctr.line_len = strlen(http_header_line);
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.h:62:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(!strncasecmp(param, exp, strlen(exp))) { \
data/php-oauth-2.0.5+1.2.3/oauth-1.2.3/provider.h:73:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    zend_hash_update(ht, k, strlen(k) + 1, (void**)v, Z_STRLEN_PP(v) + 1, NULL)
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:66:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    php_url_decode(var, strlen(var));
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:67:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    val_len = php_url_decode(val, strlen(val));
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:72:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    php_url_decode(var, strlen(var));
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:311:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return zend_hash_str_find(soo->properties, prop_name, strlen(prop_name));
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:318:59: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return (zend_hash_str_update(soo->properties, prop_name, strlen(prop_name), prop) == NULL) ? FAILURE : SUCCESS;
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:329:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    url_len = strlen(url);
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:551:145: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (Z_TYPE(PG(http_globals)[TRACK_VARS_GET]) != IS_UNDEF && (ptr = zend_hash_str_find(HASH_OF(&(PG(http_globals)[TRACK_VARS_GET])), arg_name, strlen(arg_name))) != NULL && IS_STRING == Z_TYPE_P(ptr)) ||
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:552:146: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (Z_TYPE(PG(http_globals)[TRACK_VARS_POST])!= IS_UNDEF && (ptr = zend_hash_str_find(HASH_OF(&(PG(http_globals)[TRACK_VARS_POST])), arg_name, strlen(arg_name))) != NULL && IS_STRING == Z_TYPE_P(ptr))
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:577:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    urlparts = php_url_parse_ex(uri, strlen(uri));
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:706:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    zend_hash_str_update(ht, (char *)arg, strlen(arg), &varg);
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:1027:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(soo->last_location_header, header + vpos, eol - vpos);
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:1103:88: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((type = (char *) php_memnstr(postval, ";type=", sizeof(";type=") - 1, postval + strlen(soo->multipart_files[i]) - 1))) {
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:1106:100: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((filename = (char *) php_memnstr(postval, ";filename=", sizeof(";filename=") - 1, postval + strlen(soo->multipart_files[i]) - 1))) {
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:1121:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CURLFORM_NAMELENGTH, (long)strlen(soo->multipart_params[i]),
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:1129:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CURLFORM_NAMELENGTH, (long)strlen(soo->multipart_params[i]),
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/oauth.c:1131:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CURLFORM_CONTENTSLENGTH, (long)strlen(postval),
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/php_oauth.h:337:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    #define OAUTH_URL_LEN(a) strlen(a)
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:27:73: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    zend_update_property(Z_OBJCE_P(provider_obj), provider_obj, prop_name, strlen(prop_name), prop);
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:47:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(zend_hash_str_add(ht, required_params[idx], strlen(required_params[idx]), &tmp) == NULL) {
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:64:58: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((dest_entry = zend_hash_str_find(ht, required_param, strlen(required_param))) == NULL) {
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:85:58: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((dest_entry = zend_hash_str_find(ht, required_param, strlen(required_param))) == NULL) {
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:87:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(zend_hash_str_add(ht, required_param, strlen(required_param), &zparam) == NULL) {
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:133:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    php_url *urlparts = php_url_parse_ex(uri, strlen(uri));
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:134:88: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    uri_matched = urlparts && 0==strncmp(OAUTH_URL_STR(urlparts->path), reqtoken_path, strlen(reqtoken_path));
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:138:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    uri_matched = 0==strncmp(uri, reqtoken_path, strlen(reqtoken_path));
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:198:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return zend_hash_str_update(ht, key, strlen(key), val) != NULL;
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:209:61: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    zend_string *s_auth_header = zend_string_init(auth_header, strlen(auth_header), 0);
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:234:3: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(auth_header),
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:946:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    n = read(fd, iv + reaped, size - reaped);
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:1027:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pr_len = Z_STRLEN_P(sbs) + strlen(out) + sizeof("&debug_sbs=");
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:1046:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pr_len = Z_STRLEN_P(missing_params) + strlen(out) + sizeof("&oauth_parameters_absent=");
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:1061:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ZVAL_STRINGL(return_value, out, strlen(out));
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.c:1071:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ctr.line_len = strlen(http_header_line);
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.h:57:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(!strncasecmp(param, exp, strlen(exp))) { \
data/php-oauth-2.0.5+1.2.3/oauth-2.0.5/provider.h:68:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    zend_hash_update(ht, k, strlen(k) + 1, (void**)v, Z_STRLEN_PP(v) + 1, NULL)

ANALYSIS SUMMARY:

Hits = 88
Lines analyzed = 9512 in approximately 0.26 seconds (36396 lines/second)
Physical Source Lines of Code (SLOC) = 7216
Hits@level = [0] 8 [1] 70 [2] 18 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 96 [1+] 88 [2+] 18 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 13.3038 [1+] 12.1951 [2+] 2.49446 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.