Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/postal-0.75/address.cpp Examining data/postal-0.75/address.h Examining data/postal-0.75/basictcp.cpp Examining data/postal-0.75/basictcp.h Examining data/postal-0.75/bhm.cpp Examining data/postal-0.75/bhmusers.cpp Examining data/postal-0.75/bhmusers.h Examining data/postal-0.75/client.cpp Examining data/postal-0.75/client.h Examining data/postal-0.75/cmd5.cpp Examining data/postal-0.75/cmd5.h Examining data/postal-0.75/conf.h Examining data/postal-0.75/ex-test.cpp Examining data/postal-0.75/expand.cpp Examining data/postal-0.75/expand.h Examining data/postal-0.75/logit.cpp Examining data/postal-0.75/logit.h Examining data/postal-0.75/md5.c Examining data/postal-0.75/md5.h Examining data/postal-0.75/mutex.cpp Examining data/postal-0.75/mutex.h Examining data/postal-0.75/port.h Examining data/postal-0.75/postal-list.cpp Examining data/postal-0.75/postal.cpp Examining data/postal-0.75/postal.h Examining data/postal-0.75/rabid.cpp Examining data/postal-0.75/results.cpp Examining data/postal-0.75/results.h Examining data/postal-0.75/smtp.cpp Examining data/postal-0.75/smtp.h Examining data/postal-0.75/smtpserver.cpp Examining data/postal-0.75/smtpserver.h Examining data/postal-0.75/tcp.cpp Examining data/postal-0.75/tcp.h Examining data/postal-0.75/thread.cpp Examining data/postal-0.75/thread.h Examining data/postal-0.75/userlist.cpp Examining data/postal-0.75/userlist.h FINAL RESULTS: data/postal-0.75/basictcp.cpp:232:22: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. ERROR_TYPE base_tcp::printf(CPCCHAR fmt, ...) data/postal-0.75/basictcp.cpp:237:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int len = vsnprintf(buf, sizeof(buf), fmt, argp); data/postal-0.75/basictcp.h:62:14: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. ERROR_TYPE printf(CPCCHAR fmt, ...); data/postal-0.75/client.cpp:457:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&m_namesBuf[getThreadNum() * m_maxNameLen], user); data/postal-0.75/logit.cpp:44:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, pid); data/postal-0.75/logit.cpp:49:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, count); data/postal-0.75/bhm.cpp:340:20: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while(-1 != (c = getopt(argc, argv, "b:m:p:st:z:Z:")) ) data/postal-0.75/expand.cpp:171:34: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. output[i] = m_convert[i][random()%m_conv_item_len[i]]; data/postal-0.75/postal.cpp:76:20: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while(-1 != (c = getopt(argc, argv, "ab:f:m:M:p:s:t:c:r:Ll:z:Z:")) ) data/postal-0.75/rabid.cpp:77:20: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while(-1 != (c = getopt(argc, argv, "ab:d:c:i:l:p:r:s:uz:Z:")) ) data/postal-0.75/smtp.cpp:69:36: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. m_randBuf[i] = m_randomLetters[random() % m_randomLen]; data/postal-0.75/smtp.cpp:79:18: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int offset = random() % (MAP_SIZE - (len - 2)); data/postal-0.75/smtp.cpp:91:20: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int line_len = random() % max_line_len; data/postal-0.75/smtp.cpp:109:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. t += 60 - random() % 600; data/postal-0.75/smtp.cpp:164:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. msgs = random() % m_msgsPerConnection + 1; data/postal-0.75/smtp.cpp:288:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. size = random() % (m_maxMsgSize - m_minMsgSize) + m_minMsgSize; data/postal-0.75/smtp.cpp:321:18: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int subj_len = random() % (sizeof(subj_buf) - 3) + 2; data/postal-0.75/userlist.cpp:74:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. m_index = random() % m_users->size(); data/postal-0.75/address.cpp:60:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). port = atoi(&hostname[j + 1]); data/postal-0.75/basictcp.cpp:236:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/postal-0.75/basictcp.h:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_buf[4096]; data/postal-0.75/bhm.cpp:274:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/postal-0.75/bhm.cpp:359:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxMsgSize = atoi(optarg); data/postal-0.75/bhm.cpp:362:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). port = atoi(optarg); data/postal-0.75/bhm.cpp:372:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxThreads = atoi(optarg); data/postal-0.75/bhm.cpp:427:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&in.sin_addr, &sin_addr, sizeof(sin_addr)); data/postal-0.75/bhm.cpp:490:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&td->addr, &addr, sizeof(addr)); data/postal-0.75/bhmusers.cpp:8:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/postal-0.75/bhmusers.cpp:9:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(userListFile, "r"); data/postal-0.75/client.cpp:158:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recvBuf[1024]; data/postal-0.75/client.cpp:231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/postal-0.75/client.cpp:305:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[14]; data/postal-0.75/client.cpp:306:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "retr %d\r\n", num); data/postal-0.75/client.cpp:312:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/postal-0.75/client.cpp:416:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "dele %d\r\n", num); data/postal-0.75/client.cpp:433:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/postal-0.75/client.cpp:487:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(m_imapIDtxt, "%d ", m_imapID); data/postal-0.75/client.h:59:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_imapIDtxt[9]; data/postal-0.75/cmd5.cpp:30:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char output[16]; data/postal-0.75/cmd5.cpp:32:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_output[33]; data/postal-0.75/cmd5.cpp:35:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&str_output[2 * i], "%02x", (int)output[i]); data/postal-0.75/ex-test.cpp:16:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(argv[1], "r"); data/postal-0.75/ex-test.cpp:19:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/postal-0.75/expand.cpp:29:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/postal-0.75/expand.cpp:205:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(filename, "r"); data/postal-0.75/expand.cpp:211:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char match[1024]; data/postal-0.75/logit.cpp:29:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PATH_MAX]; data/postal-0.75/logit.cpp:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pid[12], count[12]; data/postal-0.75/logit.cpp:37:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pid, "%d", m_pid); data/postal-0.75/logit.cpp:38:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(count, "%d", m_count); data/postal-0.75/logit.cpp:52:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_fp = fopen(buf, "w"); data/postal-0.75/md5.c:55:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char PADDING[64] = { data/postal-0.75/md5.c:169:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char digest[16]; /* message digest */ data/postal-0.75/md5.c:172:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bits[8]; data/postal-0.75/md5.c:199:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char block[64]; data/postal-0.75/md5.c:344:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((char *)output)[i] = (char)value; data/postal-0.75/md5.h:70:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[64]; /* input buffer */ data/postal-0.75/port.h:32:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define file_open open data/postal-0.75/postal-list.cpp:18:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(argv[1], "r"); data/postal-0.75/postal-list.cpp:21:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/postal-0.75/postal.cpp:103:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxMsgSize = atoi(optarg); data/postal-0.75/postal.cpp:106:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minMsgSize = atoi(optarg); data/postal-0.75/postal.cpp:109:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). port = atoi(optarg); data/postal-0.75/postal.cpp:113:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ssl = atoi(optarg); data/postal-0.75/postal.cpp:119:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). processes = atoi(optarg); data/postal-0.75/postal.cpp:122:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). msgsPerConnection = atoi(optarg); data/postal-0.75/postal.cpp:125:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). msgsPerMinute = atoi(optarg); data/postal-0.75/rabid.cpp:93:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). msgsPerConnection = atoi(optarg); data/postal-0.75/rabid.cpp:100:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). imap = atoi(optarg); data/postal-0.75/rabid.cpp:106:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). processes = atoi(optarg); data/postal-0.75/rabid.cpp:109:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). connectionsPerMinute = atoi(optarg); data/postal-0.75/rabid.cpp:113:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ssl = atoi(optarg); data/postal-0.75/smtp.cpp:37:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("/etc/mailname", "r"); data/postal-0.75/smtp.cpp:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/postal-0.75/smtp.cpp:80:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &m_randBuf[offset], len - 2); data/postal-0.75/smtp.cpp:82:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf + len - 2, "\r\n"); data/postal-0.75/smtp.cpp:112:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "Error making date"); data/postal-0.75/smtp.cpp:117:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgId_buf[256]; data/postal-0.75/smtp.cpp:319:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subj_buf[61]; data/postal-0.75/smtp.cpp:325:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[34]; data/postal-0.75/smtp.cpp:372:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recvBuf[1024]; data/postal-0.75/smtp.h:67:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_randBuf[MAP_SIZE]; data/postal-0.75/smtpserver.cpp:93:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recvBuf[1024]; data/postal-0.75/tcp.cpp:486:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[2048]; data/postal-0.75/tcp.h:90:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_buf[4096]; data/postal-0.75/userlist.cpp:14:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/postal-0.75/userlist.cpp:15:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(userListFile, "r"); data/postal-0.75/address.cpp:14:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(addr); data/postal-0.75/basictcp.cpp:353:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(m_sock, m_buf, sizeof(m_buf)); data/postal-0.75/basictcp.h:60:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ERROR_TYPE sendCstr(CPCCHAR buf) { return sendData(buf, strlen(buf)); } data/postal-0.75/bhm.cpp:97:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!strncasecmp(buf, msg, strlen(msg))) data/postal-0.75/bhm.cpp:105:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = buf + strlen(msg); data/postal-0.75/client.cpp:170:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strncmp(recvBuf, m_imapIDtxt, strlen(m_imapIDtxt)) data/postal-0.75/client.cpp:171:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || strncmp(&recvBuf[strlen(m_imapIDtxt)], "OK", 2) ) data/postal-0.75/client.cpp:308:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc = sendCommandData(command, strlen(command)); data/postal-0.75/client.cpp:351:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_md5.addData(from, strlen(from)); data/postal-0.75/client.cpp:353:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_md5.addData(to, strlen(to)); data/postal-0.75/client.cpp:355:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_md5.addData(subject, strlen(subject)); data/postal-0.75/client.cpp:357:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_md5.addData(date, strlen(date)); data/postal-0.75/client.cpp:359:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_md5.addData(msgid, strlen(msgid)); data/postal-0.75/client.cpp:366:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_md5.addData(buf, strlen(buf)); data/postal-0.75/client.cpp:417:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc = sendCommandData(command, strlen(command)); data/postal-0.75/expand.cpp:13:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). , m_conv_len(strlen(m_replace)) data/postal-0.75/expand.cpp:83:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_conv_item_len[pos] = strlen(m_convert[pos]); data/postal-0.75/logit.cpp:39:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, m_filename.c_str(), PATH_MAX - 25); data/postal-0.75/logit.cpp:43:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, ":"); data/postal-0.75/logit.cpp:48:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, ":"); data/postal-0.75/smtp.cpp:16:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). , m_randomLen(strlen(m_randomLetters)) data/postal-0.75/smtp.cpp:120:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(sender) > max_sender_len) data/postal-0.75/smtp.cpp:121:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sender += strlen(sender) - max_sender_len; data/postal-0.75/smtpserver.cpp:105:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const len = strlen(str); data/postal-0.75/tcp.cpp:430:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(m_fd, m_buf, sizeof(m_buf)); data/postal-0.75/thread.cpp:138:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(size != read(m_read, buf, size) ) data/postal-0.75/userlist.cpp:38:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_passwords->push_back(buf + strlen(buf) + 1); data/postal-0.75/userlist.cpp:42:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(buf) > m_maxNameLen) data/postal-0.75/userlist.cpp:43:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_maxNameLen = strlen(buf); ANALYSIS SUMMARY: Hits = 116 Lines analyzed = 5361 in approximately 0.13 seconds (39761 lines/second) Physical Source Lines of Code (SLOC) = 4545 Hits@level = [0] 108 [1] 29 [2] 69 [3] 12 [4] 6 [5] 0 Hits@level+ = [0+] 224 [1+] 116 [2+] 87 [3+] 18 [4+] 6 [5+] 0 Hits/KSLOC@level+ = [0+] 49.2849 [1+] 25.5226 [2+] 19.1419 [3+] 3.9604 [4+] 1.32013 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.