Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/pidgin-librvp-0.9.7cvs/compat.h Examining data/pidgin-librvp-0.9.7cvs/digest_access_auth.c Examining data/pidgin-librvp-0.9.7cvs/digest_access_auth.h Examining data/pidgin-librvp-0.9.7cvs/getntlm.c Examining data/pidgin-librvp-0.9.7cvs/random.c Examining data/pidgin-librvp-0.9.7cvs/random.h Examining data/pidgin-librvp-0.9.7cvs/rvp.c Examining data/pidgin-librvp-0.9.7cvs/rvp.h FINAL RESULTS: data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:91:39: [3] (random) g_random_int: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. cnonce = g_strdup_printf( "%x%u%x", g_random_int(), (int)time( NULL ), data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:92:29: [3] (random) g_random_int: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. g_random_int() ); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:39:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy( buf, buffer, 16 ); /* MD5 length == 16 */ data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:70:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &bits[1][0], &bits[1][1], data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:124:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( &a1[i * 2], "%02x", (guint8)a1_b[i] ); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:128:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &a1[32], g_hash_table_lookup( params, "nonce" ), data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:130:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &a1[32 + strlen( g_hash_table_lookup( params, "nonce" ) )], cnonce, data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:208:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( &hexresp[i * 2], "%02x", (guint8)response[i] ); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:256:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( &hexresp[i * 2], "%02x", (guint8)response[i] ); data/pidgin-librvp-0.9.7cvs/getntlm.c:266:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[128]; data/pidgin-librvp-0.9.7cvs/getntlm.c:285:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, in, n); data/pidgin-librvp-0.9.7cvs/getntlm.c:325:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key_bits[64]; data/pidgin-librvp-0.9.7cvs/getntlm.c:326:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_bits[64]; data/pidgin-librvp-0.9.7cvs/getntlm.c:402:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_key[8]; data/pidgin-librvp-0.9.7cvs/getntlm.c:405:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resp,challenge,8); data/pidgin-librvp-0.9.7cvs/getntlm.c:409:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resp+8,challenge,8); data/pidgin-librvp-0.9.7cvs/getntlm.c:413:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resp+16,challenge,8); data/pidgin-librvp-0.9.7cvs/getntlm.c:422:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[1024]; data/pidgin-librvp-0.9.7cvs/getntlm.c:433:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char challenge[8]; data/pidgin-librvp-0.9.7cvs/getntlm.c:434:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char auth[1024]; data/pidgin-librvp-0.9.7cvs/getntlm.c:435:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nt_pw[128]; data/pidgin-librvp-0.9.7cvs/getntlm.c:436:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nt_hpw[22]; data/pidgin-librvp-0.9.7cvs/getntlm.c:437:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char lm_hpw[22]; data/pidgin-librvp-0.9.7cvs/getntlm.c:439:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lm_key[8]; data/pidgin-librvp-0.9.7cvs/getntlm.c:440:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nt_resp[25]; data/pidgin-librvp-0.9.7cvs/getntlm.c:441:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char lm_resp[25]; data/pidgin-librvp-0.9.7cvs/getntlm.c:442:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char lm_pw[17]; data/pidgin-librvp-0.9.7cvs/getntlm.c:443:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dom[64]; data/pidgin-librvp-0.9.7cvs/getntlm.c:444:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char user[64]; data/pidgin-librvp-0.9.7cvs/getntlm.c:445:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[64]; data/pidgin-librvp-0.9.7cvs/getntlm.c:460:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(challenge,&buffer[24],8); data/pidgin-librvp-0.9.7cvs/getntlm.c:483:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lm_hpw,lm_magic,8); data/pidgin-librvp-0.9.7cvs/getntlm.c:487:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lm_hpw+8,lm_magic,8); data/pidgin-librvp-0.9.7cvs/getntlm.c:533:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( auth,"NTLMSSP\0", 8 ); /* protocol */ data/pidgin-librvp-0.9.7cvs/getntlm.c:628:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&auth[i],dom,dom_len); data/pidgin-librvp-0.9.7cvs/getntlm.c:630:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&auth[i],user,user_len); data/pidgin-librvp-0.9.7cvs/getntlm.c:632:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&auth[i],host,host_len); data/pidgin-librvp-0.9.7cvs/getntlm.c:634:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&auth[i],lm_resp,24); data/pidgin-librvp-0.9.7cvs/getntlm.c:636:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&auth[i],nt_resp,24); data/pidgin-librvp-0.9.7cvs/getntlm.c:639:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer,"NTLM ", 5); data/pidgin-librvp-0.9.7cvs/getntlm.c:667:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( msg.signature, "NTLMSSP\0", 8 ); data/pidgin-librvp-0.9.7cvs/getntlm.c:686:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( blob, (unsigned char *)&msg, sizeof( struct _msg1 )); data/pidgin-librvp-0.9.7cvs/getntlm.c:687:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &blob[sizeof( struct _msg1 )], host, hostlen ); data/pidgin-librvp-0.9.7cvs/getntlm.c:688:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &blob[sizeof( struct _msg1 ) + hostlen], domain, domlen ); data/pidgin-librvp-0.9.7cvs/getntlm.c:690:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( buffer, "NTLM ", 5 ); data/pidgin-librvp-0.9.7cvs/rvp.c:78:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char HEX_ELM[17] = { '0','1','2','3','4','5','6','7', data/pidgin-librvp-0.9.7cvs/rvp.c:168:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char answer[1024]; data/pidgin-librvp-0.9.7cvs/rvp.c:170:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1024]; data/pidgin-librvp-0.9.7cvs/rvp.c:771:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). subs_id = atoi((gchar *)sid ); data/pidgin-librvp-0.9.7cvs/rvp.c:776:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). timeout = atoi((gchar *)to ); data/pidgin-librvp-0.9.7cvs/rvp.c:1009:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &(rd->defaultacl), &(rbuddy->acl), sizeof( guint16 )); data/pidgin-librvp-0.9.7cvs/rvp.c:1281:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). target->subs_id = atoi( subs_id ); data/pidgin-librvp-0.9.7cvs/rvp.c:1287:24: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). time_t timeout = atol( lifetime ); data/pidgin-librvp-0.9.7cvs/rvp.c:1319:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). guint32 s = atoi( (gchar *)&val[i] ); data/pidgin-librvp-0.9.7cvs/rvp.c:1374:41: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rd->view_expiry = atol( (gchar *)to ) + data/pidgin-librvp-0.9.7cvs/rvp.c:1378:40: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atol((gchar *)to ), to ); data/pidgin-librvp-0.9.7cvs/rvp.c:1389:33: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rd->view_id = atol( viewid ); data/pidgin-librvp-0.9.7cvs/rvp.c:1413:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). target->mobile_state = atoi((gchar *)v ); data/pidgin-librvp-0.9.7cvs/rvp.c:1781:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( inv->outbuffer, &hdr, 3 ); data/pidgin-librvp-0.9.7cvs/rvp.c:1948:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gint authcookie = atoi( auth[2] ); data/pidgin-librvp-0.9.7cvs/rvp.c:1995:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). realsize = atoi( &inv->inbuffer[4] ); data/pidgin-librvp-0.9.7cvs/rvp.c:2018:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). code = atoi( &(inv->inbuffer[4] )); data/pidgin-librvp-0.9.7cvs/rvp.c:2232:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cookie = atoi( cookiestr ); data/pidgin-librvp-0.9.7cvs/rvp.c:2271:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gaim_xfer_set_size( xfer, atoi( filesize )); data/pidgin-librvp-0.9.7cvs/rvp.c:2380:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). invite->authcookie = atoi( auth ); data/pidgin-librvp-0.9.7cvs/rvp.c:2401:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi( port ), rvp_xfer_connect_callback, xfer ); data/pidgin-librvp-0.9.7cvs/rvp.c:2512:48: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). newopen = g_strdup_printf( "%sFACE='", open ); data/pidgin-librvp-0.9.7cvs/rvp.c:2513:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). g_free( open ); data/pidgin-librvp-0.9.7cvs/rvp.c:2617:57: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). newopen = g_strdup_printf( "%sCOLOR='#000000'", open ); data/pidgin-librvp-0.9.7cvs/rvp.c:2618:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). g_free( open ); data/pidgin-librvp-0.9.7cvs/rvp.c:2620:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). len = strlen( open ); data/pidgin-librvp-0.9.7cvs/rvp.c:2626:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open[ len - 6 ] = bits[b][clen + 2]; data/pidgin-librvp-0.9.7cvs/rvp.c:2629:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open[ len - 7 ] = bits[b][clen + 1]; data/pidgin-librvp-0.9.7cvs/rvp.c:2632:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open[ len - 4 ] = bits[b][clen]; data/pidgin-librvp-0.9.7cvs/rvp.c:2635:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open[ len - 5 ] = bits[b][clen - 1]; data/pidgin-librvp-0.9.7cvs/rvp.c:2638:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open[ len - 2 ] = bits[b][clen - 2]; data/pidgin-librvp-0.9.7cvs/rvp.c:2641:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open[ len - 3 ] = bits[b][clen - 3]; data/pidgin-librvp-0.9.7cvs/rvp.c:2649:57: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gaim_debug_misc( __FUNCTION__, "applying: %s>%s%s\n", open, mods, close ); data/pidgin-librvp-0.9.7cvs/rvp.c:2651:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). msgbody = g_strconcat( open, ">", mods, msg, close, NULL ); data/pidgin-librvp-0.9.7cvs/rvp.c:2652:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). g_free( open ); data/pidgin-librvp-0.9.7cvs/rvp.c:2977:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. rvp_parse_invite( gc, buddy, (char *)parts[1] ); data/pidgin-librvp-0.9.7cvs/rvp.c:3099:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[BUF_LEN]; /* gaim requirement, alas */ data/pidgin-librvp-0.9.7cvs/rvp.c:3205:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. rvpleconst char *emblems[4] = { NULL, NULL, NULL, NULL }; data/pidgin-librvp-0.9.7cvs/rvp.c:3270:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *emblems[4]; data/pidgin-librvp-0.9.7cvs/rvp.c:4293:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( rb, dup->proto_data, sizeof( RVPBuddy )); data/pidgin-librvp-0.9.7cvs/rvp.c:4627:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( args[1], content, content_length ); data/pidgin-librvp-0.9.7cvs/rvp.c:5091:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *content_len = atoi( &p[strlen( "Content-Length: " )]); data/pidgin-librvp-0.9.7cvs/rvp.c:5299:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( cb, callback, strlen( callback )); data/pidgin-librvp-0.9.7cvs/rvp.c:5566:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ( code = atoi( &gfd->response.header[9] )) > 99 && code < 1000 ) { data/pidgin-librvp-0.9.7cvs/rvp.c:5949:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rd->subs_id = atoi( subs_id ); data/pidgin-librvp-0.9.7cvs/rvp.c:5959:28: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). time_t timeout = atol( lifetime ); data/pidgin-librvp-0.9.7cvs/rvp.c:6819:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (( buds = fopen( filename, "rb" )) != NULL ) { data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:54:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). auth_param = g_strsplit( &header[strlen( "Digest ")], ",", 0 ); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:71:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( bits[1] ) - 1 ); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:72:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bits[1][strlen( bits[1] ) - 1] = '\0'; data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:74:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( bits[1][strlen( bits[1] ) - 1] == '"' ) { data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:75:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bits[1][strlen( bits[1] ) - 1 ] = '\0'; data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:97:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append( &md5, (md5_byte_t *)user, strlen( user )); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:100:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( g_hash_table_lookup( params, "realm" ))); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:102:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append( &md5, (md5_byte_t *)pass, strlen( pass )); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:112:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append( &md5, (md5_byte_t *)user, strlen( user )); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:115:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( g_hash_table_lookup( params, "realm" ))); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:117:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append( &md5, (md5_byte_t *)pass, strlen( pass )); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:121:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). a1 = g_malloc0( 32 + strlen( g_hash_table_lookup( params, "nonce" )) + data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:122:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( cnonce ) + 1 ); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:129:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( g_hash_table_lookup( params, "nonce" ))); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:130:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy( &a1[32 + strlen( g_hash_table_lookup( params, "nonce" ) )], cnonce, data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:131:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( cnonce )); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:132:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). a1[32 + strlen( g_hash_table_lookup( params, "nonce" ) ) + strlen( cnonce )] = '\0'; data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:132:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). a1[32 + strlen( g_hash_table_lookup( params, "nonce" ) ) + strlen( cnonce )] = '\0'; data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:161:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append( &md5, (md5_byte_t *)a2, strlen( a2 )); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:172:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for ( i = 0; i < strlen( a1 ); i++ ) { data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:180:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append( &md5, (md5_byte_t *)g_hash_table_lookup( params, "nonce" ), strlen( g_hash_table_lookup( params, "nonce" ) )); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:184:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append( &md5, (md5_byte_t *)"00000001", strlen( "00000001" )); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:189:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append( &md5, (md5_byte_t *)cnonce, strlen( cnonce )); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:193:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append( &md5, (md5_byte_t *)g_hash_table_lookup( params, "qop" ), strlen( g_hash_table_lookup( params, "qop" ) )); data/pidgin-librvp-0.9.7cvs/digest_access_auth.c:243:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append( &md5, (md5_byte_t *)g_hash_table_lookup( params, "nonce" ), strlen( g_hash_table_lookup( params, "nonce" ) )); data/pidgin-librvp-0.9.7cvs/getntlm.c:463:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i=0 ; i<strlen(passwd) ; i++ ) data/pidgin-librvp-0.9.7cvs/getntlm.c:469:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mdfour(nt_hpw, nt_pw, strlen(passwd)*2); data/pidgin-librvp-0.9.7cvs/getntlm.c:477:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for ( i=0 ; i<14 && i < strlen(passwd); i++ ) data/pidgin-librvp-0.9.7cvs/getntlm.c:497:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for ( i=0 ; i < strlen(domain) ; i++ ) { data/pidgin-librvp-0.9.7cvs/getntlm.c:507:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for ( i=0 ; i < strlen(authid) ; i++ ) { data/pidgin-librvp-0.9.7cvs/getntlm.c:514:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for ( i=0 ; i < strlen(username) ; i++ ) { data/pidgin-librvp-0.9.7cvs/getntlm.c:526:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for ( i=0 ; i < strlen(hostname) ; i++ ) { data/pidgin-librvp-0.9.7cvs/getntlm.c:664:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gint hostlen = strlen( host ); data/pidgin-librvp-0.9.7cvs/getntlm.c:665:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gint domlen = strlen( domain ); data/pidgin-librvp-0.9.7cvs/rvp.c:1095:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( headers[ i ] ) == 0 ) { data/pidgin-librvp-0.9.7cvs/rvp.c:1110:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key = g_ascii_strdown( bits[ 0 ], strlen( bits[ 0 ] )); data/pidgin-librvp-0.9.7cvs/rvp.c:1318:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( (gchar *)&val[i] )) { data/pidgin-librvp-0.9.7cvs/rvp.c:1664:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read( xfer->fd, &(inv->hdr[inv->hdrread]), sizeof( msnftphdr ) data/pidgin-librvp-0.9.7cvs/rvp.c:1695:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read( xfer->fd, *buffer, s ); data/pidgin-librvp-0.9.7cvs/rvp.c:1896:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ( read( source, &(inv->inbuffer[ inv->inbuflen - 1 ]) , 1 ) > 0 || data/pidgin-librvp-0.9.7cvs/rvp.c:2035:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inv->outbuflen = strlen( inv->outbuffer ); data/pidgin-librvp-0.9.7cvs/rvp.c:2126:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inv->outbuflen = strlen( inv->outbuffer ); data/pidgin-librvp-0.9.7cvs/rvp.c:2452:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( msg ) == 0 ) { data/pidgin-librvp-0.9.7cvs/rvp.c:2460:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). gsize read, written; data/pidgin-librvp-0.9.7cvs/rvp.c:2461:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gchar *converted = g_convert( msg, strlen( msg ), "UCS-2LE", "UTF-8", &read, data/pidgin-librvp-0.9.7cvs/rvp.c:2461:76: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). gchar *converted = g_convert( msg, strlen( msg ), "UCS-2LE", "UTF-8", &read, data/pidgin-librvp-0.9.7cvs/rvp.c:2515:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( newopen ); data/pidgin-librvp-0.9.7cvs/rvp.c:2516:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newopen = g_realloc( newopen, len + strlen( bits[b] ) - 2 ); data/pidgin-librvp-0.9.7cvs/rvp.c:2517:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for ( c = 3; c < strlen( bits[b] ); c++ ) { data/pidgin-librvp-0.9.7cvs/rvp.c:2533:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for ( c = 3; c < strlen( bits[b] ); c++ ) { data/pidgin-librvp-0.9.7cvs/rvp.c:2620:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( open ); data/pidgin-librvp-0.9.7cvs/rvp.c:2621:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). clen = strlen( bits[ b ] ) - 3; data/pidgin-librvp-0.9.7cvs/rvp.c:2771:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( "text/plain" ))) { data/pidgin-librvp-0.9.7cvs/rvp.c:2773:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( contenttype ), data/pidgin-librvp-0.9.7cvs/rvp.c:2789:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( "text/x-msmsgscontrol" ))) { data/pidgin-librvp-0.9.7cvs/rvp.c:2792:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( "text/x-msmsgsinvite" ))) { data/pidgin-librvp-0.9.7cvs/rvp.c:2795:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( "text/x-imleave" ))) { data/pidgin-librvp-0.9.7cvs/rvp.c:2811:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sessid = memmove( sessid, &sessid[1], strlen( sessid ) - 1 ); data/pidgin-librvp-0.9.7cvs/rvp.c:2813:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( sessid[strlen( sessid ) - 2] == '}' ) { data/pidgin-librvp-0.9.7cvs/rvp.c:2814:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sessid[strlen( sessid ) - 2] = '\0'; data/pidgin-librvp-0.9.7cvs/rvp.c:4605:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). node = xmlNewCDataBlock( doc, BAD_CAST msg, strlen( msg )); data/pidgin-librvp-0.9.7cvs/rvp.c:5091:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *content_len = atoi( &p[strlen( "Content-Length: " )]); data/pidgin-librvp-0.9.7cvs/rvp.c:5142:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). gsize read, i; data/pidgin-librvp-0.9.7cvs/rvp.c:5150:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). read = strlen( gfud->request.webdata ); data/pidgin-librvp-0.9.7cvs/rvp.c:5151:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). gfud->request.length = read; data/pidgin-librvp-0.9.7cvs/rvp.c:5156:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bigbuf = g_malloc0( read * 2 ); data/pidgin-librvp-0.9.7cvs/rvp.c:5157:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for ( i = 0; i < read; i++ ) { data/pidgin-librvp-0.9.7cvs/rvp.c:5162:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "UTF-8", "UCS-2LE", &read, data/pidgin-librvp-0.9.7cvs/rvp.c:5233:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( h ) > 0 ) { data/pidgin-librvp-0.9.7cvs/rvp.c:5240:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( h ) > 0 ) { data/pidgin-librvp-0.9.7cvs/rvp.c:5248:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( h ) > 0 ) { data/pidgin-librvp-0.9.7cvs/rvp.c:5292:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( gfud->request.header ) - 2 + data/pidgin-librvp-0.9.7cvs/rvp.c:5293:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( callback ) + 1 ); data/pidgin-librvp-0.9.7cvs/rvp.c:5299:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy( cb, callback, strlen( callback )); data/pidgin-librvp-0.9.7cvs/rvp.c:5300:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cb[strlen( callback )] = '\0'; data/pidgin-librvp-0.9.7cvs/rvp.c:5325:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc = write( sock, buf, strlen( buf )); data/pidgin-librvp-0.9.7cvs/rvp.c:5326:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( rc != strlen( buf )) { data/pidgin-librvp-0.9.7cvs/rvp.c:5328:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( buf )); data/pidgin-librvp-0.9.7cvs/rvp.c:5363:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ( read( sock, &data, 1 ) > 0 || errno == EWOULDBLOCK ) { data/pidgin-librvp-0.9.7cvs/rvp.c:5565:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( gfd->response.header ) >= 12 && data/pidgin-librvp-0.9.7cvs/rvp.c:5730:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( rd->domain != NULL && ( strlen( rd->domain ) > 0 )) { data/pidgin-librvp-0.9.7cvs/rvp.c:5782:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( hdr && strlen( hdr )) { data/pidgin-librvp-0.9.7cvs/rvp.c:5817:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( hdr && strlen( hdr )) { data/pidgin-librvp-0.9.7cvs/rvp.c:5887:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( p && !strncmp( p, "text/xml", strlen( "text/xml" ))) { data/pidgin-librvp-0.9.7cvs/rvp.c:5909:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write( gfd->sock, reply, strlen( reply )); /* xxx blocking */ data/pidgin-librvp-0.9.7cvs/rvp.c:6684:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( !strlen( authhost )) { data/pidgin-librvp-0.9.7cvs/rvp.c:6702:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (( host == NULL || ( strlen( host ) == 0 ))) { data/pidgin-librvp-0.9.7cvs/rvp.c:6870:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if ( line[0] == 'm' && strlen( filename ) > 6 && data/pidgin-librvp-0.9.7cvs/rvp.c:6874:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( line[ strlen( line ) - 1] == '\n' ) { data/pidgin-librvp-0.9.7cvs/rvp.c:6875:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line[ strlen( line ) - 1 ] = '\0'; ANALYSIS SUMMARY: Hits = 182 Lines analyzed = 8789 in approximately 0.23 seconds (37472 lines/second) Physical Source Lines of Code (SLOC) = 6281 Hits@level = [0] 2 [1] 90 [2] 90 [3] 2 [4] 0 [5] 0 Hits@level+ = [0+] 184 [1+] 182 [2+] 92 [3+] 2 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 29.2947 [1+] 28.9763 [2+] 14.6473 [3+] 0.318421 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.