Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/X4R.cpp Examining data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/X4R.h Examining data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/rapidxml.hpp Examining data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/soapC.cpp Examining data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/soapH.h Examining data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/soapStub.h Examining data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/soapXmlaWebServiceSoapProxy.cpp Examining data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/soapXmlaWebServiceSoapProxy.h Examining data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp Examining data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h FINAL RESULTS: data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/X4R.cpp:172:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). parseText = strcpy(parseText, xmlRow); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/soapC.cpp:22438:36: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (((ns3__XmlSchemaNotation*)a)->system) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/soapH.h:3442:142: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. inline ns3__XmlSchemaNotation * soap_new_set_ns3__XmlSchemaNotation(struct soap *soap, std::string *name, std::string *public_, std::string *system) { ns3__XmlSchemaNotation *_p = soap_instantiate_ns3__XmlSchemaNotation(soap, -1, NULL, NULL, NULL); if (_p) { _p->soap_default(soap); _p->ns3__XmlSchemaNotation::name = name; _p->ns3__XmlSchemaNotation::public_ = public_; _p->ns3__XmlSchemaNotation::system = system; } return _p; } data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/soapH.h:3442:409: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. inline ns3__XmlSchemaNotation * soap_new_set_ns3__XmlSchemaNotation(struct soap *soap, std::string *name, std::string *public_, std::string *system) { ns3__XmlSchemaNotation *_p = soap_instantiate_ns3__XmlSchemaNotation(soap, -1, NULL, NULL, NULL); if (_p) { _p->soap_default(soap); _p->ns3__XmlSchemaNotation::name = name; _p->ns3__XmlSchemaNotation::public_ = public_; _p->ns3__XmlSchemaNotation::system = system; } return _p; } data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/soapStub.h:1973:15: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. std::string *system; /* optional attribute */ data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:823:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(t, &"\r\n%lX\r\n"[soap->chunksize ? 0 : 2], (unsigned long)n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2115:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t, s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2312:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(soap->id, ip->id + 1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2545:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. { sprintf(soap->type, "%s[%d", type, size[0]); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2551:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. { sprintf(soap->type, "%s[%d", type, size[0] + offset[0]); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2556:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. { sprintf(soap->type, "%s[%d", type, size[0]); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2738:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p->out, ns); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2757:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*)np->id, id); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2760:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). { np->ns = strcpy((char*)np->id + n + 1, ns); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3151:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(soap->msgbuf, msg); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3169:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->msgbuf, "Error observed by underlying BIO: %s", strerror(errno)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3384:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). return (int)strlen(strcpy(buf, (char*)userdata)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:4554:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). { strcpy(soap->session_host, soap->host); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5381:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(soap->endpoint, soap->path); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5749:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->tmpbuf, "%s %s:%d HTTP/%s", s, soap->host, soap->port, soap->http_version); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5751:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->tmpbuf, "%s %s HTTP/%s", s, endpoint, soap->http_version); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5753:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->tmpbuf, "%s /%s HTTP/%s", s, (*path == '/' ? path + 1 : path), soap->http_version); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5764:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->tmpbuf, "[%s]:%d", host, port); /* RFC 2732 */ data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5767:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->tmpbuf, "%s:%d", host, port); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5773:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->tmpbuf, "[%s]", host); /* RFC 2732 */ data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5776:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(soap->tmpbuf, host); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5796:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. { sprintf(soap->tmpbuf, "NTLM %s", soap->ntlm_challenge); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5810:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->tmpbuf + 262, "%s:%s", soap->userid, soap->passwd); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5817:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->tmpbuf + 262, "%s:%s", soap->proxy_userid, soap->proxy_passwd); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5836:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. { sprintf(soap->tmpbuf, "\"%s\"", action && strlen(action) < sizeof(soap->tmpbuf) - 3 ? action : SOAP_STR_EOS); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5904:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. { sprintf(soap->tmpbuf, "HTTP/%s %s", soap->http_version, s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5912:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. { sprintf(soap->tmpbuf, "HTTP/%s %d %s", soap->http_version, status, http_error(soap, status)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5917:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. { sprintf(soap->tmpbuf, "Basic realm=\"%s\"", (soap->authrealm && strlen(soap->authrealm) < sizeof(soap->tmpbuf) - 14) ? soap->authrealm : "gSOAP Web Service"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5941:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. { sprintf(soap->tmpbuf, "HTTP/%s %s", soap->http_version, s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6003:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(soap->msgbuf, s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6004:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(soap->msgbuf, t); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6108:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(q->name, name); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6141:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(q->value, value); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6149:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(q->domain, domain); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6157:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(q->path, path); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6300:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(s, p->domain); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6304:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(s, soap->cookie_domain); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6317:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). { strcpy(s, t); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6438:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. { sprintf(s, ";$Path=\"/%s\"", (*q->path == '/' ? q->path + 1 : q->path)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6442:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. { sprintf(s, ";$Domain=\"%s\"", q->domain); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6484:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t, tmp); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6503:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t, tmp); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6524:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p->path, tmp); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6535:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p->domain, tmp); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6600:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p->name, tmp); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6604:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p->value, tmp); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6612:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p->domain, soap->host); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6620:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p->path, soap->path); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6689:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((*q)->name, p->name); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6693:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((*q)->value, p->value); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6697:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((*q)->domain, p->domain); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6701:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((*q)->path, p->path); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:7324:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. { sprintf(soap->tmpbuf, soap->dime_id_format, id); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:7353:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s + 1, aid + 4); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:7441:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*)ip->id, id); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:7863:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). { strcpy(soap->id, id); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:7948:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(soap->id, href); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8021:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(soap->id, id); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8027:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(soap->id, id); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8434:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t, logfile); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8712:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tp->value, tq->value); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9289:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*)np->id, id); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9291:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). np->ns = strcpy((char*)np->id + n + 1, ns); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9449:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. { sprintf(soap->tmpbuf, "xmlns:%s", ns->id); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9716:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->tmpbuf, "xmlns:%s", np->id); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10212:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*)tp->name, name); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10231:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tp->value, value); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10561:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*)tp->name, soap->tmpbuf); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10616:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tp->value, soap->labbuf); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10946:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t, tp->name); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10953:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t, tp->value); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:11525:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t, tp->name); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:11532:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t, tp->value); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:11836:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. { sprintf(soap->tmpbuf, SOAP_LONG_FORMAT, n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:11879:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(s, SOAP_LONG_FORMAT, p) != 1) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:12090:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(s, soap->float_format, n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:12244:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(s, soap->double_format, n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:12654:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. { sprintf(soap->tmpbuf, SOAP_ULONG_FORMAT, n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:12697:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(s, SOAP_ULONG_FORMAT, p) != 1) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13307:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(s, t, &T.tm_year, &T.tm_mon, &T.tm_mday, &T.tm_hour, &T.tm_min, &T.tm_sec, zone) < 6) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13716:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s + 4, option); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15006:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->tmpbuf, "--%s\r\nContent-Type: %s\r\nContent-Transfer-Encoding: binary\r\nContent-ID: %s\r\n\r\n", soap->mime.boundary, s, soap->mime.start); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15039:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(soap->id, soap->dime_id_format, 0); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15156:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p[1].out, soap_enc1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15163:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p[1].out, soap_enc2); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15383:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(host, soap->host); /* save previous host name: if != then reconnect */ data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15757:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->tmpbuf, "multipart/related; charset=utf-8; boundary=\"%s\"; type=\"", soap->mime.boundary); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15763:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(soap->tmpbuf, s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15766:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(soap->tmpbuf, soap->mime.start); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15771:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(soap->tmpbuf, r); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15777:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). s = strcpy(soap->tmpbuf, s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15779:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->tmpbuf + strlen(s), "; action=\"%s\"", soap->action); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15820:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->msgbuf, "Validation constraint violation: %s%s in element '%s'", s, t ? t : SOAP_STR_EOS, soap->tag); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15826:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->msgbuf, "Validation constraint violation: %s%s", s, t ? t : SOAP_STR_EOS); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15876:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->msgbuf, "The data in element '%s' must be understood but cannot be handled", soap->tag); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15901:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->msgbuf, "Method '%s' not implemented: method name or namespace not recognized", soap->tag); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15997:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->msgbuf, "Zlib/gzip error: '%s'", soap->d_stream->msg ? soap->d_stream->msg : SOAP_STR_EOS); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16048:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(soap->msgbuf, "HTTP Error: %d %s", soap->error, http_error(soap, soap->error)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16445:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%d fault: %s [%s]\n\"%s\"\nDetail: %s\n", soap->version ? "SOAP 1." : "Error ", soap->version ? (int)soap->version : soap->error, *c, v ? v : "no subcode", s ? s : "[no reason]", d ? d : "[no detail]"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16447:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%d fault: %s\n", soap->version ? "SOAP 1." : "Error ", soap->version ? (int)soap->version : soap->error, *c); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:1218:25: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define soap_snprintf _snprintf data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:1220:25: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define soap_snprintf snprintf data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:1492:24: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define SOAP_MESSAGE fprintf data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6664:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!(s = getenv("HTTP_COOKIE"))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2268:27: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define soap_random (int)random() data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/rapidxml.hpp:294:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char lookup_whitespace[256]; // Whitespace table data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/rapidxml.hpp:295:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char lookup_node_name[256]; // Node name table data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/rapidxml.hpp:296:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char lookup_text[256]; // Text table data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/rapidxml.hpp:297:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char lookup_text_pure_no_ws[256]; // Text table data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/rapidxml.hpp:298:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char lookup_text_pure_with_ws[256]; // Text table data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/rapidxml.hpp:299:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char lookup_attribute_name[256]; // Attribute name table data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/rapidxml.hpp:300:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char lookup_attribute_data_1[256]; // Attribute data table with single quote data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/rapidxml.hpp:301:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char lookup_attribute_data_1_pure[256]; // Attribute data table with single quote data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/rapidxml.hpp:302:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char lookup_attribute_data_2[256]; // Attribute data table with double quotes data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/rapidxml.hpp:303:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char lookup_attribute_data_2_pure[256]; // Attribute data table with double quotes data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/rapidxml.hpp:304:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char lookup_digits[256]; // Digits data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/rapidxml.hpp:305:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char lookup_upcase[256]; // To uppercase conversion table for ASCII characters data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/rapidxml.hpp:636:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_static_memory[RAPIDXML_STATIC_POOL_SIZE]; // Static raw memory data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:296:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char soap_env1[42] = "http://schemas.xmlsoap.org/soap/envelope/"; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:297:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char soap_enc1[42] = "http://schemas.xmlsoap.org/soap/encoding/"; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:298:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char soap_env2[40] = "http://www.w3.org/2003/05/soap-envelope"; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:299:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char soap_enc2[40] = "http://www.w3.org/2003/05/soap-encoding"; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:300:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char soap_rpc[35] = "http://www.w3.org/2003/05/soap-rpc"; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:305:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char soap_base64o[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:306:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char soap_base64i[81] = "\76XXX\77\64\65\66\67\70\71\72\73\74\75XXXXXXX\00\01\02\03\04\05\06\07\10\11\12\13\14\15\16\17\20\21\22\23\24\25\26\27\30\31XXXXXX\32\33\34\35\36\37\40\41\42\43\44\45\46\47\50\51\52\53\54\55\56\57\60\61\62\63"; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:310:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char soap_indent[11] = "\n\t\t\t\t\t\t\t\t\t"; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:320:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char soap_padding[4] = "\0\0\0"; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:744:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { memcpy(soap->buf + soap->bufidx, s, i); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:752:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(soap->buf + soap->bufidx, s, n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:817:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t, s, n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:822:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char t[16]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:1100:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { memcpy(soap->buf, soap->z_buf, SOAP_BUFLEN); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:1110:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t, tmp[17]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:1185:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { memcpy(soap->z_buf, soap->buf, SOAP_BUFLEN); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:1248:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tmp[12]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:1450:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char tmp[8]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:1610:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char buf[64]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:1679:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char tmp[16]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:1713:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "&#%lu;", c); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:1759:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char d[2]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:1824:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, soap->labbuf, soap->lablen + i - k); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:1877:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d[4]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:1962:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, soap->labbuf, soap->lablen + i - k); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2132:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t, s, sizeof(wchar_t)*(n+1)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2330:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, ip->ptr, ip->size); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2503:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, q, n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2547:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(soap->type + strlen(soap->type), " %d", size[i]); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2553:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(soap->type + strlen(soap->type), ",%d", size[i] + offset[i]); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2558:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(soap->type + strlen(soap->type), ",%d", size[i]); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2583:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(soap->arrayOffset, "[%d", offset[0]); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2585:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(soap->arrayOffset + strlen(soap->arrayOffset), ",%d", offset[i]); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2974:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { unsigned char buf[4]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3019:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dparams_buf[1024]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3020:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fd = fopen(dhfile, "r"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3115:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char buf[1024]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3163:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(soap->msgbuf, "EOF was observed that violates the protocol. The client probably provided invalid authentication information."); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3397:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char buf[1024]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3661:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf(soap->msgbuf, "TCP/UDP IP error %d", soap->errnum); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3694:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { memcpy(inaddr, &iadd, sizeof(iadd)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3733:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inaddr, host->h_addr, host->h_length); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3994:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { memcpy(&soap->peer, res->ai_addr, res->ai_addrlen); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:4706:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&soap->peer, addrinfo->ai_addr, addrinfo->ai_addrlen); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:4942:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char port[16]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:4949:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(soap->host, "%u.%u.%u.%u", (int)(soap->ip>>24)&0xFF, (int)(soap->ip>>16)&0xFF, (int)(soap->ip>>8)&0xFF, (int)soap->ip&0xFF); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5273:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char header[SOAP_HDRLEN], *s; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5441:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(soap->endpoint, "https://"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5444:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(soap->endpoint, "http://"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5809:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. { strcpy(soap->tmpbuf, "Basic "); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5816:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. { strcpy(soap->tmpbuf, "Basic "); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6282:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s, tmp[4096]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6299:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. { strcpy(s, ";Domain="); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6303:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. { strcpy(s, ";Domain="); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6306:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(s, ";Path=/"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6325:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf(s, ";Version=%u", p->version); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6329:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf(s, ";Max-Age=%ld", p->maxage); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6338:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s, ";Secure"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6355:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s, tmp[4096]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6427:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf(s, "$Version=%u;", q->version); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6462:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *t, tmp[4096]; /* cookie size is up to 4096 bytes [RFC2109] */ data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6550:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char a[3]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6663:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[4096], val[4096]; /* cookie size is up to 4096 bytes [RFC2109] */ data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:7100:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { memcpy(soap->z_buf, "\37\213\10\0\0\0\0\0\0\377", 10); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8049:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, q, n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8248:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(soap->buf, soap->z_buf, SOAP_BUFLEN); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8394:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). soap->fdebug[i] = fopen(soap->logfile[i], i < 2 ? "ab" : "a"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8495:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy, soap, sizeof(struct soap)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8626:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy->host, soap->host, sizeof(soap->host)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8627:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy->endpoint, soap->endpoint, sizeof(soap->endpoint)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8644:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy->d_stream, soap->d_stream, sizeof(z_stream)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8654:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy->z_buf, soap->z_buf, SOAP_BUFLEN); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8659:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy->buf, soap->buf, sizeof(soap->buf)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8673:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(np, nq, n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8708:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tp, tq, n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9193:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { memcpy(ns2, soap->namespaces, n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9463:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf(soap->tmpbuf, "_%d", id); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9491:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(soap->tmpbuf, "[%d", soap->positions[0]); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9493:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(soap->tmpbuf + strlen(soap->tmpbuf), ",%d", soap->positions[i]); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9718:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(soap->tmpbuf, "xmlns"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9850:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(soap->href, "#_%d", href); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10368:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { memcpy(soap->labbuf, t, soap->labidx); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10373:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { memcpy(soap->labbuf + soap->labidx, s, n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10639:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { memcpy(s, tp->value, tp->size); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10926:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MB_LEN_MAX > 8 ? MB_LEN_MAX : 8]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10928:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:11753:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf(soap->tmpbuf, "%ld", n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:12571:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf(soap->tmpbuf, "%lu", n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:12920:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(soap->tmpbuf, "xmlns:_%d", soap->idnum++); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13227:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(soap->tmpbuf + strlen(soap->tmpbuf), "%+03d:%02d", -tz.tz_minuteswest/60+(pT->tm_isdst!=0), abs(tz.tz_minuteswest)%60); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13234:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(soap->tmpbuf + strlen(soap->tmpbuf), "%+03d:%02d", -tz.tz_minuteswest/60+(pT->tm_isdst!=0), abs(tz.tz_minuteswest)%60); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13249:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(soap->tmpbuf + strlen(soap->tmpbuf), "%+03d:%02d", -t.timezone/60+(pT->tm_isdst!=0), abs(t.timezone)%60); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13260:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(soap->tmpbuf + strlen(soap->tmpbuf), "%+03d:%02d", -t.timezone/60+(pT->tm_isdst!=0), abs(t.timezone)%60); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13271:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(soap->tmpbuf, "1969-12-31T23:59:59Z"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13296:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char zone[32]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13731:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { unsigned char tmp[12]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13898:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tmp[12]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:14211:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(t, "\n--"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:14585:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s, "=="); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:14592:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s, "=="); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:14802:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(soap->z_buf, soap->buf, SOAP_BUFLEN); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:14913:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(soap->z_buf, soap->buf, SOAP_BUFLEN); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15379:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char host[sizeof(soap->host)]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15395:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (soap->fopen && *soap->host) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15409:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { soap->socket = soap->fopen(soap, endpoint, soap->host, soap->port); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15765:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. { strcat(soap->tmpbuf, "\"; start=\""); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15770:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. { strcat(soap->tmpbuf, "; start-info=\""); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15801:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf(soap->tmpbuf, "%lu", (unsigned long)count); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16032:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(soap->msgbuf, "End of file or no input: ", 25); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16055:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. { sprintf(soap->msgbuf, "Error %d", soap->error); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16250:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s, "Operation interrupted or timed out"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16261:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s + strlen(s), " (%d%cs receive delay)", rt, ru); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16263:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s + strlen(s), " (%d%cs send delay)", st, su); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:1566:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[1]; /* the actual string value flows into the allocated region below this struct */ data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:1627:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1]; /* the actual name string flows into the allocated region below this struct */ data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:1939:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). SOAP_SOCKET (*fopen)(struct soap*, const char*, const char*, int); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2006:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SOAP_BUFLEN];/* send and receive buffer */ data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2007:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[1024]; /* in/out buffer for HTTP/MIME headers >=1024 bytes */ data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2008:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpbuf[1024]; /* in/out buffer for HTTP/MIME headers, simpleType values, element and attribute tag names, and DIME must be >=1024 bytes */ data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2009:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[SOAP_TAGLEN]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2010:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[SOAP_TAGLEN]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2011:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char href[SOAP_TAGLEN]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2012:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[SOAP_TAGLEN]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2013:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arrayType[SOAP_TAGLEN]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2014:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arraySize[SOAP_TAGLEN]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2015:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arrayOffset[SOAP_TAGLEN]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2032:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endpoint[SOAP_TAGLEN]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2033:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[SOAP_TAGLEN]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2034:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[SOAP_TAGLEN]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2062:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *logfile[SOAP_MAXLOGS]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2120:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char session_host[SOAP_TAGLEN]; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.h:2187:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[1]; /* the actual id string value flows into the allocated region below this struct */ data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/X4R.cpp:170:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). textLength = strlen(xmlRow); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:824:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). DBGMSG(SENT, t, strlen(t)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:825:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((soap->error = soap->fsend(soap, t, strlen(t)))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:842:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return soap_send_raw(soap, s, strlen(s)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:888:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return soap->is->read(s, (std::streamsize)n).gcount(); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:1009:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(soap->recvfd, s, (unsigned int)n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:1403:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { register size_t n = strlen(p->string); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2114:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s && (t = (char*)soap_malloc(soap, strlen(s) + 1))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2547:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(soap->type + strlen(soap->type), " %d", size[i]); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2553:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(soap->type + strlen(soap->type), ",%d", size[i] + offset[i]); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2558:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(soap->type + strlen(soap->type), ",%d", size[i]); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2560:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(soap->type, "]"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2585:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(soap->arrayOffset + strlen(soap->arrayOffset), ",%d", offset[i]); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2586:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(soap->arrayOffset, "]"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2677:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = (int)strlen(attr); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2724:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(id); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:2725:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). k = strlen(ns) + 1; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3048:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SSL_CTX_set_session_id_context(soap->ctx, (unsigned char*)sid, (unsigned int)strlen(sid)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3156:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(soap->msgbuf, "\n"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3158:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ERR_error_string_n(r, soap->msgbuf + strlen(soap->msgbuf), sizeof(soap->msgbuf) - strlen(soap->msgbuf)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3158:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ERR_error_string_n(r, soap->msgbuf + strlen(soap->msgbuf), sizeof(soap->msgbuf) - strlen(soap->msgbuf)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3382:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { if (num < (int)strlen((char*)userdata) + 1) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:3384:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (int)strlen(strcpy(buf, (char*)userdata)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:4145:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(soap->endpoint, endpoint, sizeof(soap->endpoint)-1); /* restore */ data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5328:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = s + strlen(s) - 1; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5371:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { size_t m = strlen(soap->endpoint); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5377:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(soap->path, soap->msgbuf + l, n - m); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5445:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(soap->endpoint, val, sizeof(soap->endpoint) - 8); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5464:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soap->action[strlen(soap->action) - 1] = '\0'; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5555:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soap->action[strlen(soap->action) - 1] = '\0'; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5561:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(soap->endpoint, val, sizeof(soap->endpoint)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5746:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(endpoint) + strlen(soap->http_version) > sizeof(soap->tmpbuf) - 80) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5746:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(endpoint) + strlen(soap->http_version) > sizeof(soap->tmpbuf) - 80) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5794:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (soap->ntlm_challenge && strlen(soap->ntlm_challenge) + 6 < sizeof(soap->tmpbuf)) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5808:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (soap->userid && soap->passwd && strlen(soap->userid) + strlen(soap->passwd) < 761) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5808:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (soap->userid && soap->passwd && strlen(soap->userid) + strlen(soap->passwd) < 761) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5811:92: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soap_s2base64(soap, (const unsigned char*)(soap->tmpbuf + 262), soap->tmpbuf + 6, (int)strlen(soap->tmpbuf + 262)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5815:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (soap->proxy_userid && soap->proxy_passwd && strlen(soap->proxy_userid) + strlen(soap->proxy_passwd) < 761) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5815:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (soap->proxy_userid && soap->proxy_passwd && strlen(soap->proxy_userid) + strlen(soap->proxy_passwd) < 761) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5818:92: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soap_s2base64(soap, (const unsigned char*)(soap->tmpbuf + 262), soap->tmpbuf + 6, (int)strlen(soap->tmpbuf + 262)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5836:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { sprintf(soap->tmpbuf, "\"%s\"", action && strlen(action) < sizeof(soap->tmpbuf) - 3 ? action : SOAP_STR_EOS); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5854:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = s + strlen(s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5890:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(soap->http_version) > 4) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:5917:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { sprintf(soap->tmpbuf, "Basic realm=\"%s\"", (soap->authrealm && strlen(soap->authrealm) < sizeof(soap->tmpbuf) - 14) ? soap->authrealm : "gSOAP Web Service"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6001:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { if (!t || (*t != '/' && *t != '?') || strlen(s) + strlen(t) >= sizeof(soap->msgbuf)) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6001:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { if (!t || (*t != '/' && *t != '?') || strlen(s) + strlen(t) >= sizeof(soap->msgbuf)) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6043:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { size_t n = 3*strlen(s)+1; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6082:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (!*p->path || !strncmp(p->path, path, strlen(p->path)))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6107:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { if ((q->name = (char*)SOAP_MALLOC(soap, strlen(name)+1))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6140:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (value && *value && !q->value && (q->value = (char*)SOAP_MALLOC(soap, strlen(value)+1))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6148:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (domain && !q->domain && (q->domain = (char*)SOAP_MALLOC(soap, strlen(domain)+1))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6151:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { if (!path || strncmp(path, q->path, strlen(q->path))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6156:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (path && !q->path && (q->path = (char*)SOAP_MALLOC(soap, strlen(path)+1))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6185:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { if (!strcmp(q->name, name) && !strcmp(q->domain, domain) && !strncmp(q->path, path, strlen(q->path))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6298:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p->domain && (int)strlen(p->domain) < tmp-s+4064) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6302:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (soap->cookie_domain && (int)strlen(soap->cookie_domain) < tmp-s+4064) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6307:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6315:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int)strlen(t) < tmp-s+4064) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6318:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6326:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6330:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6387:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(t); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6403:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (!q->path || !strncmp(q->path, path, strlen(q->path))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6407:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n += 3*strlen(q->name); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6409:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n += 3*strlen(q->value) + 1; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6411:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n += strlen(q->path) + 9; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6413:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n += strlen(q->domain) + 11; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6423:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. { strcat(s, " "); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6429:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6439:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6443:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6483:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { if ((t = (char*)SOAP_MALLOC(soap, strlen(tmp)+1))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6502:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { if ((t = (char*)SOAP_MALLOC(soap, strlen(tmp)+1))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6523:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { if ((p->path = (char*)SOAP_MALLOC(soap, strlen(tmp)+1))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6534:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { if ((p->domain = (char*)SOAP_MALLOC(soap, strlen(tmp)+1))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6553:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmp) > 20) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6599:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { p->name = (char*)SOAP_MALLOC(soap, strlen(tmp)+1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6603:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { p->value = (char*)SOAP_MALLOC(soap, strlen(tmp)+1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6611:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { p->domain = (char*)SOAP_MALLOC(soap, strlen(soap->host)+1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6619:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { p->path = (char*)SOAP_MALLOC(soap, strlen(soap->path)+1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6624:11: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(p->path, "/"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6688:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { if (((*q)->name = (char*)SOAP_MALLOC(copy, strlen(p->name)+1))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6692:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { if (((*q)->value = (char*)SOAP_MALLOC(copy, strlen(p->value)+1))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6696:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { if (((*q)->domain = (char*)SOAP_MALLOC(copy, strlen(p->domain)+1))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:6700:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { if (((*q)->path = (char*)SOAP_MALLOC(copy, strlen(p->path)+1))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:7350:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { char *s = (char*)soap_malloc(soap, strlen(aid) - 1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:7354:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(s, ">"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:7438:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ip = (struct soap_ilist*)SOAP_MALLOC(soap, sizeof(struct soap_ilist) + strlen(id)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8433:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((t = (char*)SOAP_MALLOC(soap, strlen(logfile) + 1))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8669:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n = sizeof(struct soap_nlist) + strlen(nq->id); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:8706:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n = sizeof(struct soap_attribute) + strlen(tq->name); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9216:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { register size_t n = strlen(little); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9277:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(id); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9279:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). k = strlen(ns); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9316:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(soap->tmpbuf, tag, n); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9493:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(soap->tmpbuf + strlen(soap->tmpbuf), ",%d", soap->positions[i]); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9494:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(soap->tmpbuf, "]"); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:9677:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(soap->tmpbuf, type, s - type); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10167:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(tp = (struct soap_attribute*)SOAP_MALLOC(soap, sizeof(struct soap_attribute) + strlen(name)))) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10218:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (value && tp->value && tp->size <= strlen(value)) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10226:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { tp->size = strlen(value) + 1; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10239:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(soap->id, value, sizeof(soap->id)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10558:86: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { tp = (struct soap_attribute*)SOAP_MALLOC(soap, sizeof(struct soap_attribute) + strlen(soap->tmpbuf)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10610:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { tp->size = strlen(soap->labbuf) + 1; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10692:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(soap->id + 1, tp->value, sizeof(soap->id) - 2); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10701:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(soap->href, tp->value, sizeof(soap->href) - 1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10709:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(soap->href + (*tp->value != '#'), tp->value, sizeof(soap->href) - 2); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10716:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(soap->type, tp->value, sizeof(soap->type) - 1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10729:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(soap->arrayType, tp->value, s - tp->value); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10731:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(soap->arraySize, s, sizeof(soap->arraySize) - 1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10734:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(soap->arrayType, tp->value, sizeof(soap->arrayType) - 1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10739:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(soap->arrayOffset, tp->value, sizeof(soap->arrayOffset)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10758:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(soap->id + 1, tp->value, sizeof(soap->id) - 2); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10763:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(soap->href + (*tp->value != '#'), tp->value, sizeof(soap->href) - 2); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10769:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(soap->arrayType, tp->value, sizeof(soap->arrayType) - 1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10771:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(soap->arraySize, tp->value, sizeof(soap->arraySize) - 1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10939:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(t + 1, soap->tag, sizeof(soap->tmpbuf) - 2); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10940:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t += strlen(t); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10947:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t += strlen(t); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10954:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t += strlen(t); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:10964:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m = (int)strlen(soap->tmpbuf); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:11518:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(t + 1, soap->tag, sizeof(soap->tmpbuf) - 2); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:11519:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t += strlen(t); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:11526:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t += strlen(t); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:11533:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t += strlen(t); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:12746:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { long l = (long)strlen(s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:12771:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { long l = (long)strlen(s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:12814:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { size_t k = strlen(q); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:12819:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soap_append_lab(soap, soap->local_namespaces[np->index].ns, strlen(soap->local_namespaces[np->index].ns)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:12825:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soap_append_lab(soap, np->ns, strlen(np->ns)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:12915:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soap_append_lab(soap, r, strlen(r)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:12922:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soap_append_lab(soap, soap->tmpbuf + 6, strlen(soap->tmpbuf + 6)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:12948:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *t = r = (wchar_t*)soap_malloc(soap, sizeof(wchar_t) * (strlen(s) + 1)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13227:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(soap->tmpbuf + strlen(soap->tmpbuf), "%+03d:%02d", -tz.tz_minuteswest/60+(pT->tm_isdst!=0), abs(tz.tz_minuteswest)%60); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13234:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(soap->tmpbuf + strlen(soap->tmpbuf), "%+03d:%02d", -tz.tz_minuteswest/60+(pT->tm_isdst!=0), abs(tz.tz_minuteswest)%60); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13249:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(soap->tmpbuf + strlen(soap->tmpbuf), "%+03d:%02d", -t.timezone/60+(pT->tm_isdst!=0), abs(t.timezone)%60); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13260:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(soap->tmpbuf + strlen(soap->tmpbuf), "%+03d:%02d", -t.timezone/60+(pT->tm_isdst!=0), abs(t.timezone)%60); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13404:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(soap->tmpbuf, tag, t-tag); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13476:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(soap->tmpbuf, tag, t-tag); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13641:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count += ((strlen(content->id)+3)&(~3)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13643:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count += ((strlen(content->type)+3)&(~3)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13650:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { register size_t n = strlen(soap->mime.boundary); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13658:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count += 16 + strlen(content->type); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13662:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count += 29 + strlen(s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13665:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count += 14 + strlen(content->id); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13668:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count += 20 + strlen(content->location); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13671:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count += 23 + strlen(content->description); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13709:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { n = strlen(option); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13737:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { idlen = strlen(soap->dime.id); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:13742:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { typelen = strlen(soap->dime.type); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:14066:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { char *s = soap->msgbuf + strlen(soap->msgbuf) - 1; data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:14213:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(t, soap->mime.boundary, sizeof(soap->msgbuf)-4); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:14291:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(t); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:14578:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:14609:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). k = strlen(soap->mime.boundary); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:14992:82: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((soap->mode & SOAP_ENC_MIME) && soap->mime.boundary && soap->mime.start && strlen(soap->mime.boundary) + strlen(soap->mime.start) < sizeof(soap->tmpbuf) - 80 ) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:14992:112: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((soap->mode & SOAP_ENC_MIME) && soap->mime.boundary && soap->mime.start && strlen(soap->mime.boundary) + strlen(soap->mime.start) < sizeof(soap->tmpbuf) - 80 ) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15007:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(soap->tmpbuf); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15051:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soap->count += 12 + ((strlen(soap->dime.id)+3)&(~3)) + (soap->dime.type ? ((strlen(soap->dime.type)+3)&(~3)) : 0); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15051:81: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soap->count += 12 + ((strlen(soap->dime.id)+3)&(~3)) + (soap->dime.type ? ((strlen(soap->dime.type)+3)&(~3)) : 0); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15282:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(soap->endpoint, endpoint, sizeof(soap->endpoint) - 1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15289:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15326:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(soap->path, s + i, sizeof(soap->path)); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15351:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { endpoint = (char*)SOAP_MALLOC(soap, strlen(endpoints) + 1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15353:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(endpoint, endpoints, s - endpoints); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15365:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = endpoints + strlen(endpoints); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15592:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { l = (strlen(s) + 3) / 4 * 3 + 1; /* make sure enough space for \0 */ data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15697:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { l = strlen(s) / 2 + 1; /* make sure enough space for \0 */ data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15755:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((soap->mode & SOAP_ENC_MIME) && soap->mime.boundary && strlen(soap->mime.boundary) + strlen(soap->mime.start ? soap->mime.start : SOAP_STR_EOS) < sizeof(soap->tmpbuf) - 80) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15755:94: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((soap->mode & SOAP_ENC_MIME) && soap->mime.boundary && strlen(soap->mime.boundary) + strlen(soap->mime.start ? soap->mime.start : SOAP_STR_EOS) < sizeof(soap->tmpbuf) - 80) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15759:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. { strncat(soap->tmpbuf, s, t - s); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15768:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(soap->tmpbuf, "\""); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15772:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(soap->tmpbuf, "\""); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15778:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (status == SOAP_OK && soap->version == 2 && soap->action && strlen(soap->action) + strlen(s) < sizeof(soap->tmpbuf) - 80) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15778:91: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (status == SOAP_OK && soap->version == 2 && soap->action && strlen(soap->action) + strlen(s) < sizeof(soap->tmpbuf) - 80) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:15779:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(soap->tmpbuf + strlen(s), "; action=\"%s\"", soap->action); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16030:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(soap->msgbuf) + 25 < sizeof(soap->msgbuf)) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16031:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { memmove(soap->msgbuf + 25, soap->msgbuf, strlen(soap->msgbuf) + 1); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16261:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(s + strlen(s), " (%d%cs receive delay)", rt, ru); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16263:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(s + strlen(s), " (%d%cs send delay)", st, su); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16431:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buf, "Error: soap struct not initialized", len); data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16444:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len > 40 + (v ? strlen(v) : 0) + (s ? strlen(s) : 0) + (d ? strlen(d) : 0)) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16444:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len > 40 + (v ? strlen(v) : 0) + (s ? strlen(s) : 0) + (d ? strlen(d) : 0)) data/r-other-x4r-1.0.1+git20150806.c6bd9bd/src/stdsoap2.cpp:16444:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len > 40 + (v ? strlen(v) : 0) + (s ? strlen(s) : 0) + (d ? strlen(d) : 0)) ANALYSIS SUMMARY: Hits = 439 Lines analyzed = 80552 in approximately 2.52 seconds (32004 lines/second) Physical Source Lines of Code (SLOC) = 70831 Hits@level = [0] 27 [1] 184 [2] 145 [3] 2 [4] 108 [5] 0 Hits@level+ = [0+] 466 [1+] 439 [2+] 255 [3+] 110 [4+] 108 [5+] 0 Hits/KSLOC@level+ = [0+] 6.57904 [1+] 6.19785 [2+] 3.60012 [3+] 1.55299 [4+] 1.52476 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.