Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/roger-router-2.1.6/plugins/evolution/ebook-sources.h
Examining data/roger-router-2.1.6/plugins/evolution/evolution.c
Examining data/roger-router-2.1.6/plugins/google/google.c
Examining data/roger-router-2.1.6/plugins/gtknotify/gtknotify.c
Examining data/roger-router-2.1.6/plugins/indicator/indicator.c
Examining data/roger-router-2.1.6/plugins/keychain/keychain.c
Examining data/roger-router-2.1.6/plugins/osxab/osxab.c
Examining data/roger-router-2.1.6/plugins/statusicon/statusicon.c
Examining data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c
Examining data/roger-router-2.1.6/plugins/vcard/vcard.c
Examining data/roger-router-2.1.6/plugins/vcard/vcard.h
Examining data/roger-router-2.1.6/plugins/webjournal/webjournal.c
Examining data/roger-router-2.1.6/plugins/webjournal/webjournal.h
Examining data/roger-router-2.1.6/roger/about.c
Examining data/roger-router-2.1.6/roger/about.h
Examining data/roger-router-2.1.6/roger/answeringmachine.c
Examining data/roger-router-2.1.6/roger/answeringmachine.h
Examining data/roger-router-2.1.6/roger/application.c
Examining data/roger-router-2.1.6/roger/application.h
Examining data/roger-router-2.1.6/roger/assistant.c
Examining data/roger-router-2.1.6/roger/assistant.h
Examining data/roger-router-2.1.6/roger/contacts.c
Examining data/roger-router-2.1.6/roger/contacts.h
Examining data/roger-router-2.1.6/roger/contactsearch.c
Examining data/roger-router-2.1.6/roger/contactsearch.h
Examining data/roger-router-2.1.6/roger/debug.c
Examining data/roger-router-2.1.6/roger/debug.h
Examining data/roger-router-2.1.6/roger/fax.c
Examining data/roger-router-2.1.6/roger/fax.h
Examining data/roger-router-2.1.6/roger/gd-two-lines-renderer.c
Examining data/roger-router-2.1.6/roger/gd-two-lines-renderer.h
Examining data/roger-router-2.1.6/roger/journal.c
Examining data/roger-router-2.1.6/roger/journal.h
Examining data/roger-router-2.1.6/roger/main.h
Examining data/roger-router-2.1.6/roger/main_ui.c
Examining data/roger-router-2.1.6/roger/pdf.c
Examining data/roger-router-2.1.6/roger/pdf.h
Examining data/roger-router-2.1.6/roger/phone.c
Examining data/roger-router-2.1.6/roger/phone.h
Examining data/roger-router-2.1.6/roger/plugins.c
Examining data/roger-router-2.1.6/roger/plugins.h
Examining data/roger-router-2.1.6/roger/print.c
Examining data/roger-router-2.1.6/roger/print.h
Examining data/roger-router-2.1.6/roger/settings.c
Examining data/roger-router-2.1.6/roger/settings.h
Examining data/roger-router-2.1.6/roger/shortcuts.c
Examining data/roger-router-2.1.6/roger/shortcuts.h
Examining data/roger-router-2.1.6/roger/uitools.h
FINAL RESULTS:
data/roger-router-2.1.6/plugins/vcard/vcard.c:805:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(ptr, size, format, args);
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:144:71: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
snprintf(file, sizeof(file), "%s/.mozilla-thunderbird/profiles.ini", g_get_home_dir());
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:148:64: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
snprintf(file, sizeof(file), "%s/.thunderbird/profiles.ini", g_get_home_dir());
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:164:38: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
result = g_string_append(result, g_get_home_dir());
data/roger-router-2.1.6/plugins/vcard/vcard.c:443:16: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int random = g_random_int() % 62;
data/roger-router-2.1.6/plugins/vcard/vcard.c:445:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random > 57) {
data/roger-router-2.1.6/plugins/vcard/vcard.c:449:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random > 90) {
data/roger-router-2.1.6/plugins/vcard/vcard.c:453:36: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
id = g_string_append_c(id, (char)random);
data/roger-router-2.1.6/roger/settings.c:1737:97: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
gtk_file_chooser_set_current_folder(GTK_FILE_CHOOSER(settings->fax_report_directory_chooser), g_get_home_dir());
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:898:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = open(book, O_RDONLY);
data/roger-router-2.1.6/plugins/google/google.c:169:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(authorization_code, 0, strlen(authorization_code));
data/roger-router-2.1.6/plugins/google/google.c:502:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnTitle != NULL && strlen(contact->pnTitle) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:518:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnPrivatePhone != NULL && strlen(contact->pnPrivatePhone) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:525:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnBusinessPhone != NULL && strlen(contact->pnBusinessPhone) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:532:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnPrivateMobile != NULL && strlen(contact->pnPrivateMobile) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:539:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnPrivateFax != NULL && strlen(contact->pnPrivateFax) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:546:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnBusinessFax != NULL && strlen(contact->pnBusinessFax) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:555:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnBusinessStreet != NULL && strlen(contact->pnBusinessStreet) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:558:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnBusinessCity != NULL && strlen(contact->pnBusinessCity) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:561:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnBusinessCountry != NULL && strlen(contact->pnBusinessCountry) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:564:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnBusinessZipCode != NULL && strlen(contact->pnBusinessZipCode) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:576:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnPrivateStreet != NULL && strlen(contact->pnPrivateStreet) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:579:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnPrivateCity != NULL && strlen(contact->pnPrivateCity) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:582:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnPrivateCountry != NULL && strlen(contact->pnPrivateCountry) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:585:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnPrivateZipCode != NULL && strlen(contact->pnPrivateZipCode) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:652:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnFirstName != NULL && strlen(contact->pnFirstName) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:657:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnLastName != NULL && strlen(contact->pnLastName) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:660:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pnDisplayName != NULL && strlen(contact->pnDisplayName) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:663:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnTitle != NULL && strlen(contact->pnTitle) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:671:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnCompany != NULL && strlen(contact->pnCompany) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:692:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(contact->pnBusinessPhone) <= 0) {
data/roger-router-2.1.6/plugins/google/google.c:700:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(contact->pnPrivatePhone) <= 0) {
data/roger-router-2.1.6/plugins/google/google.c:708:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(contact->pnPrivateMobile) <= 0) {
data/roger-router-2.1.6/plugins/google/google.c:716:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(contact->pnPrivateFax) <= 0) {
data/roger-router-2.1.6/plugins/google/google.c:724:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(contact->pnBusinessFax) <= 0) {
data/roger-router-2.1.6/plugins/google/google.c:737:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bBusinessPhone == FALSE && strlen(contact->pnBusinessPhone) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:743:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bBusinessFax == FALSE && strlen(contact->pnBusinessFax) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:749:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bPrivatePhone == FALSE && strlen(contact->pnPrivatePhone) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:755:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bPrivateFax == FALSE && strlen(contact->pnPrivateFax) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:761:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bPrivateMobile == FALSE && strlen(contact->pnPrivateMobile) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:770:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnBusinessStreet != NULL && strlen(contact->pnBusinessStreet) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:773:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnBusinessCity != NULL && strlen(contact->pnBusinessCity) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:776:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnBusinessCountry != NULL && strlen(contact->pnBusinessCountry) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:779:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnBusinessZipCode != NULL && strlen(contact->pnBusinessZipCode) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:784:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnPrivateStreet != NULL && strlen(contact->pnPrivateStreet) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:787:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnPrivateCity != NULL && strlen(contact->pnPrivateCity) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:790:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnPrivateCountry != NULL && strlen(contact->pnPrivateCountry) > 0) {
data/roger-router-2.1.6/plugins/google/google.c:793:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->pnPrivateZipCode != NULL && strlen(contact->pnPrivateZipCode) > 0) {
data/roger-router-2.1.6/plugins/keychain/keychain.c:50:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(SERVICE_NAME),
data/roger-router-2.1.6/plugins/keychain/keychain.c:52:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pwd_name),
data/roger-router-2.1.6/plugins/keychain/keychain.c:122:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
status = SecKeychainAddGenericPassword(NULL, strlen(SERVICE_NAME), SERVICE_NAME, strlen(pwd_name), pwd_name, strlen(password), password, NULL);
data/roger-router-2.1.6/plugins/keychain/keychain.c:122:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
status = SecKeychainAddGenericPassword(NULL, strlen(SERVICE_NAME), SERVICE_NAME, strlen(pwd_name), pwd_name, strlen(password), password, NULL);
data/roger-router-2.1.6/plugins/keychain/keychain.c:122:112: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
status = SecKeychainAddGenericPassword(NULL, strlen(SERVICE_NAME), SERVICE_NAME, strlen(pwd_name), pwd_name, strlen(password), password, NULL);
data/roger-router-2.1.6/plugins/keychain/keychain.c:137:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
status = SecKeychainItemModifyAttributesAndData(item_ref, NULL, (UInt32)strlen(password), password);
data/roger-router-2.1.6/plugins/keychain/keychain.c:169:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(SERVICE_NAME),
data/roger-router-2.1.6/plugins/keychain/keychain.c:171:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(profile->name),
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:176:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (result->str[strlen(result->str) - 1] == '\n') {
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:177:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result->str[strlen(result->str) - 1] = '\0';
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:179:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result->str[strlen(result->str)] = '\0';
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:312:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text && strlen(text->str)) {
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:321:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text && strlen(text->str)) {
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:358:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(mork_data + mork_pos - 1, MORK_COLUMN_META, strlen(MORK_COLUMN_META))) {
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:360:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mork_pos += strlen(MORK_COLUMN_META) - 1;
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:398:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(id_str, text->str, pos);
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:401:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(text->str) - pos;
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:403:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sc_str, text->str + pos + 1, size);
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:914:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(file, mork_data, size) == size) {
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:960:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(file, book, sizeof(file) - 1);
data/roger-router-2.1.6/plugins/thunderbird/thunderbird.c:1066:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (book != NULL && strlen(book) > 0) {
data/roger-router-2.1.6/plugins/vcard/vcard.c:97:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(card_data->entry);
data/roger-router-2.1.6/plugins/vcard/vcard.c:144:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(card_data->entry);
data/roger-router-2.1.6/plugins/vcard/vcard.c:176:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(card_data->entry);
data/roger-router-2.1.6/plugins/vcard/vcard.c:206:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(card_data->entry);
data/roger-router-2.1.6/plugins/vcard/vcard.c:238:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(card_data->entry);
data/roger-router-2.1.6/roger/contacts.c:451:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_widget_set_sensitive(contacts->save_button, strlen(text) > 0);
data/roger-router-2.1.6/roger/contacts.c:867:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gchar *sub_name = (gchar*)name + strlen(rm_addressbook_get_name(book)) + 3;
data/roger-router-2.1.6/roger/journal.c:264:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (call->duration != NULL && strlen(call->duration) > 0) {
data/roger-router-2.1.6/roger/journal.c:528:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) > 0) {
data/roger-router-2.1.6/roger/phone.c:393:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new[strlen(text) - 1] = '\0';
data/roger-router-2.1.6/roger/print.c:459:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (local_name != NULL && strlen(local_name) > 0) {
data/roger-router-2.1.6/roger/print.c:464:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (local_number != NULL && strlen(local_number) > 0) {
data/roger-router-2.1.6/roger/print.c:469:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (duration != NULL && strlen(duration) > 0) {
ANALYSIS SUMMARY:
Hits = 82
Lines analyzed = 16450 in approximately 0.38 seconds (43527 lines/second)
Physical Source Lines of Code (SLOC) = 10574
Hits@level = [0] 7 [1] 72 [2] 1 [3] 8 [4] 1 [5] 0
Hits@level+ = [0+] 89 [1+] 82 [2+] 10 [3+] 9 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 8.41687 [1+] 7.75487 [2+] 0.945716 [3+] 0.851144 [4+] 0.0945716 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.