Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/radsecproxy-1.8.2/tcp.h
Examining data/radsecproxy-1.8.2/radsecproxy.c
Examining data/radsecproxy-1.8.2/rewrite.c
Examining data/radsecproxy-1.8.2/fticks_hashmac.h
Examining data/radsecproxy-1.8.2/list.c
Examining data/radsecproxy-1.8.2/debug.h
Examining data/radsecproxy-1.8.2/tls.h
Examining data/radsecproxy-1.8.2/util.c
Examining data/radsecproxy-1.8.2/hostport.c
Examining data/radsecproxy-1.8.2/tests/t_rewrite.c
Examining data/radsecproxy-1.8.2/tests/t_resizeattr.c
Examining data/radsecproxy-1.8.2/tests/t_fticks.c
Examining data/radsecproxy-1.8.2/tests/t_rewrite_config.c
Examining data/radsecproxy-1.8.2/radmsg.h
Examining data/radsecproxy-1.8.2/fticks.c
Examining data/radsecproxy-1.8.2/udp.c
Examining data/radsecproxy-1.8.2/tlv11.c
Examining data/radsecproxy-1.8.2/hash.c
Examining data/radsecproxy-1.8.2/dtls.h
Examining data/radsecproxy-1.8.2/gconfig.h
Examining data/radsecproxy-1.8.2/tlscommon.c
Examining data/radsecproxy-1.8.2/debug.c
Examining data/radsecproxy-1.8.2/list.h
Examining data/radsecproxy-1.8.2/radsecproxy.h
Examining data/radsecproxy-1.8.2/tcp.c
Examining data/radsecproxy-1.8.2/fticks_hashmac.c
Examining data/radsecproxy-1.8.2/rewrite.h
Examining data/radsecproxy-1.8.2/main.c
Examining data/radsecproxy-1.8.2/hostport.h
Examining data/radsecproxy-1.8.2/util.h
Examining data/radsecproxy-1.8.2/tls.c
Examining data/radsecproxy-1.8.2/catgconf.c
Examining data/radsecproxy-1.8.2/radsecproxy-hash.c
Examining data/radsecproxy-1.8.2/dtls.c
Examining data/radsecproxy-1.8.2/tlscommon.h
Examining data/radsecproxy-1.8.2/gconfig.c
Examining data/radsecproxy-1.8.2/tlv11.h
Examining data/radsecproxy-1.8.2/hash.h
Examining data/radsecproxy-1.8.2/radmsg.c
Examining data/radsecproxy-1.8.2/udp.h
Examining data/radsecproxy-1.8.2/fticks.h
FINAL RESULTS:
data/radsecproxy-1.8.2/catgconf.c:33:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(compact ? "%s=%s;" : "\t%s=%s\n", opt, val);
data/radsecproxy-1.8.2/debug.c:175:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "(%s) %s", tidbuf, format);
data/radsecproxy-1.8.2/debug.c:209:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(debug_file, format, ap);
data/radsecproxy-1.8.2/debug.c:240:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, format);
data/radsecproxy-1.8.2/gconfig.c:140:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, dir);
data/radsecproxy-1.8.2/gconfig.c:142:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path + strlen(dir) + 1, cfgpath);
data/radsecproxy-1.8.2/gconfig.c:528:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(optval, "%s %s", opt, val);
data/radsecproxy-1.8.2/radsecproxy.c:2127:6: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execlp(conf->dynamiclookupcommand, conf->dynamiclookupcommand, server->dynamiclookuparg, NULL) < 0)
data/radsecproxy-1.8.2/util.c:39:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(prefixfmt ? prefixfmt : "%s: ", prefix);
data/radsecproxy-1.8.2/util.c:41:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(charfmt ? charfmt : "%c", s[i]);
data/radsecproxy-1.8.2/catgconf.c:59:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "c")) != -1) {
data/radsecproxy-1.8.2/radsecproxy-hash.c:49:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "hk:")) != -1) {
data/radsecproxy-1.8.2/radsecproxy.c:2873:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "c:d:i:fpv")) != -1) {
data/radsecproxy-1.8.2/debug.c:88:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
debug_file = fopen(debug_filepath, "a");
data/radsecproxy-1.8.2/debug.c:142:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
debug_file = fopen(debug_filepath, "a");
data/radsecproxy-1.8.2/debug.c:162:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tidbuf, "%u", tid);
data/radsecproxy-1.8.2/debug.c:171:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
tmp += sprintf(tmp, "%02x", ptid[i]);
data/radsecproxy-1.8.2/dtls.c:165:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4], *rad;
data/radsecproxy-1.8.2/dtls.c:184:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rad, buf, 4);
data/radsecproxy-1.8.2/dtls.c:202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/dtls.c:255:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/dtls.c:307:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/dtls.c:317:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpsrvaddr, srcres, sizeof(struct addrinfo));
data/radsecproxy-1.8.2/dtls.c:385:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[48];
data/radsecproxy-1.8.2/dtls.c:434:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/radsecproxy-1.8.2/dtls.c:443:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/dtls.c:500:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶ms->addr, &from, sizeof(from));
data/radsecproxy-1.8.2/dtls.c:501:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶ms->bind, &to, sizeof(to));
data/radsecproxy-1.8.2/fticks.c:133:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(macout, macin, 9);
data/radsecproxy-1.8.2/fticks.c:137:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(macout, macin, 9);
data/radsecproxy-1.8.2/fticks_hashmac.c:27:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *) out + iw, "%02x", hash[ir % SHA256_DIGEST_SIZE]);
data/radsecproxy-1.8.2/gconfig.c:114:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(path, "r");
data/radsecproxy-1.8.2/gconfig.c:255:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line, cf->data + pos, i - pos);
data/radsecproxy-1.8.2/gconfig.c:264:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/radsecproxy-1.8.2/gconfig.c:265:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tokens[3], *s;
data/radsecproxy-1.8.2/hash.c:52:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->key, key, keylen);
data/radsecproxy-1.8.2/hostport.c:111:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
plen = atoi(slash + 1);
data/radsecproxy-1.8.2/hostport.c:128:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/radmsg.c:43:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->auth, auth, 16);
data/radsecproxy-1.8.2/radmsg.c:132:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth, authattr, 16);
data/radsecproxy-1.8.2/radmsg.c:139:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(authattr, auth, 16);
data/radsecproxy-1.8.2/radmsg.c:155:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[MD5_DIGEST_SIZE];
data/radsecproxy-1.8.2/radmsg.c:213:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p+2, tlv->v, tlv->l);
data/radsecproxy-1.8.2/radmsg.c:242:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, msg->auth, 16);
data/radsecproxy-1.8.2/radmsg.c:262:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->auth, buf + 4, 16);
data/radsecproxy-1.8.2/radmsg.c:317:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 4, rqauth, 16);
data/radsecproxy-1.8.2/radmsg.c:321:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 4, msg->auth, 16);
data/radsecproxy-1.8.2/radmsg.c:326:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 4, msg->auth, 16);
data/radsecproxy-1.8.2/radmsg.c:344:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(attrname);
data/radsecproxy-1.8.2/radmsg.c:357:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*vendor = atoi(attrname);
data/radsecproxy-1.8.2/radmsg.c:363:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*type = atoi(s + 1);
data/radsecproxy-1.8.2/radmsg.c:398:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v, &vendor, 4);
data/radsecproxy-1.8.2/radsecproxy-hash.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mac[80+1];
data/radsecproxy-1.8.2/radsecproxy.c:558:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[MD5_DIGEST_SIZE], *input;
data/radsecproxy-1.8.2/radsecproxy.c:583:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in, out, len);
data/radsecproxy-1.8.2/radsecproxy.c:592:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[MD5_DIGEST_SIZE];
data/radsecproxy-1.8.2/radsecproxy.c:643:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[MD5_DIGEST_SIZE];
data/radsecproxy-1.8.2/radsecproxy.c:645:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plain[255];
data/radsecproxy-1.8.2/radsecproxy.c:684:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(text, plain, len);
data/radsecproxy-1.8.2/radsecproxy.c:913:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vendor, attr->v, 4);
data/radsecproxy-1.8.2/radsecproxy.c:983:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/radsecproxy.c:993:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)logstationid, " stationid ");
data/radsecproxy-1.8.2/radsecproxy.c:997:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(logstationid + 11, stationid, 9);
data/radsecproxy-1.8.2/radsecproxy.c:1007:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(logstationid+11, "undisclosed");
data/radsecproxy-1.8.2/radsecproxy.c:1051:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/radsecproxy.c:1193:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/radsecproxy.c:1235:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/radsecproxy.c:1249:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rq->rqauth, msg->auth, 16);
data/radsecproxy-1.8.2/radsecproxy.c:1395:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/radsecproxy.c:1485:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr->v+1, newsalt, 2);
data/radsecproxy-1.8.2/radsecproxy.c:1495:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->auth, rqout->rq->rqauth, 16);
data/radsecproxy-1.8.2/radsecproxy.c:1502:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr->v, rqout->rq->origusername, strlen(rqout->rq->origusername));
data/radsecproxy-1.8.2/radsecproxy.c:2747:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **listenargs[RAD_PROTOCOUNT];
data/radsecproxy-1.8.2/radsecproxy.c:2748:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sourcearg[RAD_PROTOCOUNT];
data/radsecproxy-1.8.2/radsecproxy.c:2930:2: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open("/dev/null", O_RDWR);
data/radsecproxy-1.8.2/radsecproxy.c:2967:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(pidfile, "w");
data/radsecproxy-1.8.2/rewrite.c:36:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
name = atoi(nameval);
data/radsecproxy-1.8.2/rewrite.c:43:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
name = atoi(s + 1);
data/radsecproxy-1.8.2/rewrite.c:49:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ival = atoi(s);
data/radsecproxy-1.8.2/rewrite.c:93:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
name = atoi(nameval);
data/radsecproxy-1.8.2/rewrite.c:149:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vendor = atoi(nameval);
data/radsecproxy-1.8.2/rewrite.c:332:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vendor, attr->v, 4);
data/radsecproxy-1.8.2/rewrite.c:425:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr->v + reslen, out + start, i - start);
data/radsecproxy-1.8.2/rewrite.c:427:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr->v + reslen, in + pfield->rm_so, pfield->rm_eo - pfield->rm_so);
data/radsecproxy-1.8.2/rewrite.c:436:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr->v + reslen, out + start, i - start);
data/radsecproxy-1.8.2/rewrite.c:506:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vendor, attr->v, 4);
data/radsecproxy-1.8.2/tcp.c:160:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4], *rad;
data/radsecproxy-1.8.2/tcp.c:179:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rad, buf, 4);
data/radsecproxy-1.8.2/tcp.c:242:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/tcp.c:277:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/tcp.c:321:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/tests/t_rewrite.c:429:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value2[254];
data/radsecproxy-1.8.2/tests/t_rewrite.c:435:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value2+i, value, 20);
data/radsecproxy-1.8.2/tests/t_rewrite.c:437:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value2+i, "and another13\0", 14);
data/radsecproxy-1.8.2/tls.c:254:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4], *rad;
data/radsecproxy-1.8.2/tls.c:273:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rad, buf, 4);
data/radsecproxy-1.8.2/tls.c:391:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/tls.c:432:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/tls.c:485:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/tlscommon.c:39:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
data/radsecproxy-1.8.2/tlscommon.c:95:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, userdata, pwdlen);
data/radsecproxy-1.8.2/tlscommon.c:164:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &time, sizeof(time_t));
data/radsecproxy-1.8.2/tlscommon.c:165:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+sizeof(time_t), peer, SOCKADDRP_SIZE(peer));
data/radsecproxy-1.8.2/tlscommon.c:191:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie, &now.tv_sec, sizeof(time_t));
data/radsecproxy-1.8.2/tlscommon.c:192:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie + sizeof(time_t), result, resultlength);
data/radsecproxy-1.8.2/tlscommon.c:712:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/tlv11.c:30:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tlv->v, v, l);
data/radsecproxy-1.8.2/tlv11.c:102:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, tlv->v, tlv->l);
data/radsecproxy-1.8.2/udp.c:136:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4], *rad = NULL;
data/radsecproxy-1.8.2/udp.c:144:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/udp.c:246:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/radsecproxy-1.8.2/udp.c:304:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&to, reply->from->addr, SOCKADDRP_SIZE(reply->from->addr));
data/radsecproxy-1.8.2/util.c:30:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, s, len);
data/radsecproxy-1.8.2/util.c:90:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sa4.sin_addr, &sa6->sin6_addr.s6_addr[12], 4);
data/radsecproxy-1.8.2/debug.c:174:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = malloc(strlen(tidbuf) + strlen(format) + 4);
data/radsecproxy-1.8.2/debug.c:174:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = malloc(strlen(tidbuf) + strlen(format) + 4);
data/radsecproxy-1.8.2/debug.c:205:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
timebuf[strlen(timebuf) - 1] = '\0';
data/radsecproxy-1.8.2/debug.c:237:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(format);
data/radsecproxy-1.8.2/fticks.c:121:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy((char *) macout, "undisclosed", sizeof(macout) - 1);
data/radsecproxy-1.8.2/fticks_hashmac.c:41:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha256_update(&ctx, strlen((char *) in), in);
data/radsecproxy-1.8.2/fticks_hashmac.c:49:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_sha256_set_key(&ctx, strlen((char *) key), key);
data/radsecproxy-1.8.2/fticks_hashmac.c:50:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_sha256_update(&ctx, strlen((char *) in), in);
data/radsecproxy-1.8.2/fticks_hashmac.c:89:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
in_copy = calloc(1, strlen((const char *) in) + 1);
data/radsecproxy-1.8.2/gconfig.c:135:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = malloc(strlen(dir) + strlen(cfgpath) + 2);
data/radsecproxy-1.8.2/gconfig.c:135:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = malloc(strlen(dir) + strlen(cfgpath) + 2);
data/radsecproxy-1.8.2/gconfig.c:141:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path[strlen(dir)] = '/';
data/radsecproxy-1.8.2/gconfig.c:142:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(path + strlen(dir) + 1, cfgpath);
data/radsecproxy-1.8.2/gconfig.c:523:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optval = malloc(strlen(opt) + strlen(val) + 2);
data/radsecproxy-1.8.2/gconfig.c:523:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optval = malloc(strlen(opt) + strlen(val) + 2);
data/radsecproxy-1.8.2/radsecproxy.c:848:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(orig) != attr->l || memcmp(orig, attr->v, attr->l))
data/radsecproxy-1.8.2/radsecproxy.c:1011:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(logstationid+11, (char *)stationid, 128-12);
data/radsecproxy-1.8.2/radsecproxy.c:1069:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attr = maketlv(RAD_Attr_Reply_Message, strlen(message), message);
data/radsecproxy-1.8.2/radsecproxy.c:1498:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!resizeattr(attr, strlen(rqout->rq->origusername))) {
data/radsecproxy-1.8.2/radsecproxy.c:1502:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(attr->v, rqout->rq->origusername, strlen(rqout->rq->origusername));
data/radsecproxy-1.8.2/radsecproxy.c:1909:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (value[strlen(value) - 1] == '/')
data/radsecproxy-1.8.2/radsecproxy.c:1910:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value[strlen(value) - 1] = '\0';
data/radsecproxy-1.8.2/radsecproxy.c:1919:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
regex = malloc(strlen(value) + n + 3);
data/radsecproxy-1.8.2/radsecproxy.c:1960:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (message && strlen(message) > 253) {
data/radsecproxy-1.8.2/radsecproxy.c:2879:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) != 1 || *optarg < '1' || *optarg > '5')
data/radsecproxy-1.8.2/rewrite.c:99:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s[strlen(s) - 1] == '/')
data/radsecproxy-1.8.2/rewrite.c:100:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s[strlen(s) - 1] = '\0';
data/radsecproxy-1.8.2/rewrite.c:296:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!hash_insert(rewriteconfs, value, strlen(value), rewrite))
data/radsecproxy-1.8.2/rewrite.c:305:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((r = hash_read(rewriteconfs, alt1, strlen(alt1))))
data/radsecproxy-1.8.2/rewrite.c:308:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((r = hash_read(rewriteconfs, alt2, strlen(alt2))))
data/radsecproxy-1.8.2/tcp.c:150:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cnt = read(s, buf + len, num - len);
data/radsecproxy-1.8.2/tests/t_rewrite.c:110:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(RAD_Attr_User_Name, strlen(username), username));
data/radsecproxy-1.8.2/tests/t_rewrite.c:111:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(RAD_Attr_User_Name, strlen(username), username));
data/radsecproxy-1.8.2/tests/t_rewrite.c:125:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(1, strlen(username), username));
data/radsecproxy-1.8.2/tests/t_rewrite.c:126:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(3, strlen(username), username));
data/radsecproxy-1.8.2/tests/t_rewrite.c:128:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(3, strlen(username), username));
data/radsecproxy-1.8.2/tests/t_rewrite.c:144:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(1, strlen(username), username));
data/radsecproxy-1.8.2/tests/t_rewrite.c:148:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(1, strlen(username), username));
data/radsecproxy-1.8.2/tests/t_rewrite.c:229:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(rewrite.addattrs, maketlv(1, strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:230:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(1,strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:246:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(rewrite.addattrs, maketlv(1, strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:247:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(2, strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:250:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(2,strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:252:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(1,strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:298:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(rewrite.supattrs, maketlv(1, strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:299:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(1,strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:315:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(rewrite.supattrs, maketlv(1, strlen(value2), value2));
data/radsecproxy-1.8.2/tests/t_rewrite.c:316:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(1,strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:317:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(1,strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:361:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(1,strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:362:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(1,strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:387:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(1,strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:388:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(1,strlen(value2), value2));
data/radsecproxy-1.8.2/tests/t_rewrite.c:413:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(1,strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:414:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(1,strlen(value2), value2));
data/radsecproxy-1.8.2/tests/t_rewrite.c:445:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(1,strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:446:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(1,strlen(value2), value2));
data/radsecproxy-1.8.2/tests/t_rewrite.c:469:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(1,strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:470:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(1,strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:494:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(1,strlen(value), value));
data/radsecproxy-1.8.2/tests/t_rewrite.c:495:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(1,strlen(value2), value2));
data/radsecproxy-1.8.2/tests/t_rewrite.c:573:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(1, strlen(username), username));
data/radsecproxy-1.8.2/tests/t_rewrite.c:574:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(3, strlen(username), username));
data/radsecproxy-1.8.2/tests/t_rewrite.c:575:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, makevendortlv(42, maketlv(1, strlen(username), username)));
data/radsecproxy-1.8.2/tests/t_rewrite.c:577:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(1, strlen(username), username));
data/radsecproxy-1.8.2/tests/t_rewrite.c:596:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(1, strlen(username), username));
data/radsecproxy-1.8.2/tests/t_rewrite.c:648:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(1, strlen(username), username));
data/radsecproxy-1.8.2/tests/t_rewrite.c:649:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, maketlv(3, strlen(username), username));
data/radsecproxy-1.8.2/tests/t_rewrite.c:654:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, maketlv(1, strlen(username), username));
data/radsecproxy-1.8.2/tests/t_rewrite.c:681:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(origattrs, makevendortlv(9,maketlv(102,strlen(value), value)));
data/radsecproxy-1.8.2/tests/t_rewrite.c:682:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list_push(expectedattrs, makevendortlv(9,maketlv(102,strlen(expect), expect)));
data/radsecproxy-1.8.2/tlscommon.c:92:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pwdlen = strlen(userdata);
data/radsecproxy-1.8.2/tlscommon.c:437:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = hash_read(tlsconfs, alt1, strlen(alt1));
data/radsecproxy-1.8.2/tlscommon.c:439:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = hash_read(tlsconfs, alt2, strlen(alt2));
data/radsecproxy-1.8.2/tlscommon.c:649:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (l == strlen(exact) && !strncasecmp(exact, v, l))
data/radsecproxy-1.8.2/tlscommon.c:808:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!hash_insert(tlsconfs, val, strlen(val), conf)) {
data/radsecproxy-1.8.2/tlscommon.c:859:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (v[strlen(v) - 1] == '/')
data/radsecproxy-1.8.2/tlscommon.c:860:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v[strlen(v) - 1] = '\0';
data/radsecproxy-1.8.2/util.c:26:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
ANALYSIS SUMMARY:
Hits = 193
Lines analyzed = 11114 in approximately 0.31 seconds (35509 lines/second)
Physical Source Lines of Code (SLOC) = 9259
Hits@level = [0] 120 [1] 79 [2] 101 [3] 3 [4] 10 [5] 0
Hits@level+ = [0+] 313 [1+] 193 [2+] 114 [3+] 13 [4+] 10 [5+] 0
Hits/KSLOC@level+ = [0+] 33.8049 [1+] 20.8446 [2+] 12.3123 [3+] 1.40404 [4+] 1.08003 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.