Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/rserve-1.7-3.1/src/oc.h Examining data/rserve-1.7-3.1/src/base64.c Examining data/rserve-1.7-3.1/src/http.c Examining data/rserve-1.7-3.1/src/rsio.c Examining data/rserve-1.7-3.1/src/winembed.c Examining data/rserve-1.7-3.1/src/Rsrv.h Examining data/rserve-1.7-3.1/src/RSserver.c Examining data/rserve-1.7-3.1/src/sha1.h Examining data/rserve-1.7-3.1/src/oc.c Examining data/rserve-1.7-3.1/src/tls.c Examining data/rserve-1.7-3.1/src/tls.h Examining data/rserve-1.7-3.1/src/session.c Examining data/rserve-1.7-3.1/src/rserr.h Examining data/rserve-1.7-3.1/src/qap_encode.c Examining data/rserve-1.7-3.1/src/RSserver.h Examining data/rserve-1.7-3.1/src/other/RSpool.c Examining data/rserve-1.7-3.1/src/md5.c Examining data/rserve-1.7-3.1/src/qap_encode.h Examining data/rserve-1.7-3.1/src/sha1.c Examining data/rserve-1.7-3.1/src/rsdebug.h Examining data/rserve-1.7-3.1/src/websockets.c Examining data/rserve-1.7-3.1/src/client/cxx/rsdown.cc Examining data/rserve-1.7-3.1/src/client/cxx/rcmd.cc Examining data/rserve-1.7-3.1/src/client/cxx/Rsrv.h Examining data/rserve-1.7-3.1/src/client/cxx/sisocks.h Examining data/rserve-1.7-3.1/src/client/cxx/demo1.cc Examining data/rserve-1.7-3.1/src/client/cxx/rcons.cc Examining data/rserve-1.7-3.1/src/client/cxx/Rconnection.h Examining data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc Examining data/rserve-1.7-3.1/src/rsio.h Examining data/rserve-1.7-3.1/src/session.h Examining data/rserve-1.7-3.1/src/http.h Examining data/rserve-1.7-3.1/src/qap_decode.c Examining data/rserve-1.7-3.1/src/websockets.h Examining data/rserve-1.7-3.1/src/standalone.c Examining data/rserve-1.7-3.1/src/md5.h Examining data/rserve-1.7-3.1/src/qap_decode.h Examining data/rserve-1.7-3.1/src/include/sbthread.h Examining data/rserve-1.7-3.1/src/include/sisocks.h Examining data/rserve-1.7-3.1/src/include/Win32/config.h Examining data/rserve-1.7-3.1/src/include/Win32/Startup.h Examining data/rserve-1.7-3.1/src/include/Win32/psignal.h Examining data/rserve-1.7-3.1/src/include/Parse.h Examining data/rserve-1.7-3.1/src/Rserv.c Examining data/rserve-1.7-3.1/clients/cxx/rsdown.cc Examining data/rserve-1.7-3.1/clients/cxx/rcmd.cc Examining data/rserve-1.7-3.1/clients/cxx/Rsrv.h Examining data/rserve-1.7-3.1/clients/cxx/sisocks.h Examining data/rserve-1.7-3.1/clients/cxx/demo1.cc Examining data/rserve-1.7-3.1/clients/cxx/rcons.cc Examining data/rserve-1.7-3.1/clients/cxx/Rconnection.h Examining data/rserve-1.7-3.1/clients/cxx/Rconnection.cc FINAL RESULTS: data/rserve-1.7-3.1/src/RSserver.c:125:4: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(localSocketName, localSocketMode); data/rserve-1.7-3.1/src/Rserv.c:372:2: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. chown(tmpdir_buf, uid, gid); data/rserve-1.7-3.1/src/Rserv.c:375:3: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. chown(wdname, uid, gid); data/rserve-1.7-3.1/src/Rserv.c:2206:3: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(what, st.st_mode | ((st.st_mode & S_IFDIR) ? S_IRWXU : S_IWUSR)); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:133:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data+4,txt); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:621:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sau.sun_path,host); // FIXME: possible overflow! data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:748:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cm->data+4, symbol); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:911:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(authbuf, user); c=authbuf+strlen(user); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:913:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(c,pwd); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:916:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(c,crypt(pwd,salt)); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:916:14: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. strcpy(c,crypt(pwd,salt)); data/rserve-1.7-3.1/clients/cxx/rcmd.cc:49:57: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. case 'P': if (++i < ac) pwd = av[i]; else pwd = getpass("password: "); break; data/rserve-1.7-3.1/clients/cxx/rsdown.cc:43:50: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. case 'P': if (++i < ac) pwd = av[i]; else pwd = getpass("password: "); break; data/rserve-1.7-3.1/clients/cxx/sisocks.h:104:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int snprintf(char *buf, int len, char *fmt, ...) data/rserve-1.7-3.1/clients/cxx/sisocks.h:110:10: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. cnt = vsprintf(buf, fmt, argptr); data/rserve-1.7-3.1/clients/cxx/sisocks.h:116:12: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. extern int snprintf(char *buf, int len, char *fmt, ...); data/rserve-1.7-3.1/src/RSserver.c:97:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lusa.sun_path, localSocketName); data/rserve-1.7-3.1/src/Rserv.c:1066:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(se->line, p); data/rserve-1.7-3.1/src/Rserv.c:1069:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(se->line, p); data/rserve-1.7-3.1/src/Rserv.c:1932:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sb + tl, Rf_translateCharUTF8(STRING_ELT(exp, i))); data/rserve-1.7-3.1/src/Rserv.c:2063:13: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. c2 = crypt(c1, salt); data/rserve-1.7-3.1/src/Rserv.c:2425:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf,IDstring); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:133:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data+4,txt); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:621:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sau.sun_path,host); // FIXME: possible overflow! data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:748:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cm->data+4, symbol); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:911:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(authbuf, user); c=authbuf+strlen(user); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:913:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(c,pwd); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:916:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(c,crypt(pwd,salt)); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:916:14: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. strcpy(c,crypt(pwd,salt)); data/rserve-1.7-3.1/src/client/cxx/rcmd.cc:49:57: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. case 'P': if (++i < ac) pwd = av[i]; else pwd = getpass("password: "); break; data/rserve-1.7-3.1/src/client/cxx/rsdown.cc:43:50: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. case 'P': if (++i < ac) pwd = av[i]; else pwd = getpass("password: "); break; data/rserve-1.7-3.1/src/client/cxx/sisocks.h:104:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int snprintf(char *buf, int len, char *fmt, ...) data/rserve-1.7-3.1/src/client/cxx/sisocks.h:110:10: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. cnt = vsprintf(buf, fmt, argptr); data/rserve-1.7-3.1/src/client/cxx/sisocks.h:116:12: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. extern int snprintf(char *buf, int len, char *fmt, ...); data/rserve-1.7-3.1/src/http.c:196:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, s); data/rserve-1.7-3.1/src/http.c:197:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf + 8, text); data/rserve-1.7-3.1/src/http.c:406:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s %d Code %d\r\nContent-type: ", HTTP_SIG(c), code, code); data/rserve-1.7-3.1/src/http.c:485:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s %d Code %d\r\nContent-type: ", HTTP_SIG(c), code, code); data/rserve-1.7-3.1/src/include/sisocks.h:104:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int snprintf(char *buf, int len, char *fmt, ...) data/rserve-1.7-3.1/src/include/sisocks.h:110:10: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. cnt = vsprintf(buf, fmt, argptr); data/rserve-1.7-3.1/src/include/sisocks.h:116:12: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. extern int snprintf(char *buf, int len, char *fmt, ...); data/rserve-1.7-3.1/src/other/RSpool.c:106:4: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(RSargv[0], RSargv); data/rserve-1.7-3.1/src/qap_encode.c:272:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(st, cv); data/rserve-1.7-3.1/src/qap_encode.c:331:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*)buf, val); data/rserve-1.7-3.1/src/rserr.h:24:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, format, ap); data/rserve-1.7-3.1/src/websockets.c:308:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, h.key); data/rserve-1.7-3.1/src/winembed.c:127:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ss, "%s [y/n/c]: ", s); data/rserve-1.7-3.1/src/winembed.c:168:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(Rversion, "%s.%s", R_MAJOR, R_MINOR); data/rserve-1.7-3.1/src/winembed.c:184:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(RHome, getenv("R_HOME")); data/rserve-1.7-3.1/src/winembed.c:197:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(rhb,"R_HOME=%s",RHome); data/rserve-1.7-3.1/src/winembed.c:208:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpbuf, RHome); data/rserve-1.7-3.1/src/winembed.c:225:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpbuf, RHome); data/rserve-1.7-3.1/src/winembed.c:235:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(RUser, getenv("R_USER")); data/rserve-1.7-3.1/src/winembed.c:237:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(RUser, getenv("HOME")); data/rserve-1.7-3.1/src/winembed.c:239:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(RUser, getenv("HOMEDIR")); data/rserve-1.7-3.1/src/winembed.c:240:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(RUser, getenv("HOMEPATH")); data/rserve-1.7-3.1/clients/cxx/rcmd.cc:97:14: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. wd = strdup(getwd(buf)); data/rserve-1.7-3.1/src/Rserv.c:804:27: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if (requested_chroot && chroot(requested_chroot)) { data/rserve-1.7-3.1/src/Rserv.c:1430:25: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. while ((port = (((int) random()) & 0x7fff)+32768)>65000) {}; data/rserve-1.7-3.1/src/Rserv.c:1794:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. long rseed = random(); data/rserve-1.7-3.1/src/Rserv.c:1838:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(rseed); data/rserve-1.7-3.1/src/Rserv.c:1840:2: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(rseed); data/rserve-1.7-3.1/src/Rserv.c:2267:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. long rseed = random(); data/rserve-1.7-3.1/src/Rserv.c:2311:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(rseed); data/rserve-1.7-3.1/src/Rserv.c:2313:3: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(rseed); data/rserve-1.7-3.1/src/client/cxx/rcmd.cc:97:14: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. wd = strdup(getwd(buf)); data/rserve-1.7-3.1/src/oc.c:58:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL) ^ (getpid() << 12)); data/rserve-1.7-3.1/src/oc.c:61:6: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(time(NULL) ^ (getpid() << 12)); data/rserve-1.7-3.1/src/oc.c:69:47: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. for (i = 0; i < sizeof(rbuf); i++) rbuf[i] = random(); data/rserve-1.7-3.1/src/winembed.c:183:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if(getenv("R_HOME")) { data/rserve-1.7-3.1/src/winembed.c:184:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. strcpy(RHome, getenv("R_HOME")); data/rserve-1.7-3.1/src/winembed.c:207:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!getenv("R_ARCH")) { data/rserve-1.7-3.1/src/winembed.c:234:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("R_USER")) { data/rserve-1.7-3.1/src/winembed.c:235:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. strcpy(RUser, getenv("R_USER")); data/rserve-1.7-3.1/src/winembed.c:236:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. } else if (getenv("HOME")) { data/rserve-1.7-3.1/src/winembed.c:237:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. strcpy(RUser, getenv("HOME")); data/rserve-1.7-3.1/src/winembed.c:238:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. } else if (getenv("HOMEDIR")) { data/rserve-1.7-3.1/src/winembed.c:239:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. strcpy(RUser, getenv("HOMEDIR")); data/rserve-1.7-3.1/src/winembed.c:240:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. strcat(RUser, getenv("HOMEPATH")); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:143:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, (raw_data)?buf:((char*)buf+4), dlen); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:177:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sb[256]; data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:284:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(this->data, data, len); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:354:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf+hl, data, len); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:597:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(session_key, session->key(), 32); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:612:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char IDstring[33]; data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:860:23: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (msg->len > 0) memcpy(buf, msg->data, msg->len); data/rserve-1.7-3.1/clients/cxx/Rconnection.h:375:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key_[32]; data/rserve-1.7-3.1/clients/cxx/Rconnection.h:378:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Rsession(const char *host, int port, const char key[32]) { data/rserve-1.7-3.1/clients/cxx/Rconnection.h:378:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Rsession(const char *host, int port, const char key[32]) { data/rserve-1.7-3.1/clients/cxx/Rconnection.h:381:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key_, key, 32); data/rserve-1.7-3.1/clients/cxx/Rconnection.h:400:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char salt[2]; data/rserve-1.7-3.1/clients/cxx/Rsrv.h:391:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned int itop(unsigned int i) { char b[4]; b[0]=((char*)&i)[3]; b[3]=((char*)&i)[0]; b[1]=((char*)&i)[2]; b[2]=((char*)&i)[1]; return *((unsigned int*)b); } data/rserve-1.7-3.1/clients/cxx/Rsrv.h:392:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. double dtop(double i) { char b[8]; b[0]=((char*)&i)[7]; b[1]=((char*)&i)[6]; b[2]=((char*)&i)[5]; b[3]=((char*)&i)[4]; b[7]=((char*)&i)[0]; b[6]=((char*)&i)[1]; b[5]=((char*)&i)[2]; b[4]=((char*)&i)[3]; return *((double*)b); } data/rserve-1.7-3.1/clients/cxx/demo1.cc:39:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/rserve-1.7-3.1/clients/cxx/rcmd.cc:27:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/rserve-1.7-3.1/clients/cxx/rcmd.cc:48:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'p': if (++i < ac) port = atoi(av[i]); break; data/rserve-1.7-3.1/clients/cxx/rcmd.cc:100:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(d, "setwd(\""); d += 7; data/rserve-1.7-3.1/clients/cxx/rcmd.cc:105:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(d, "\")"); data/rserve-1.7-3.1/clients/cxx/rcons.cc:36:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[1024]; data/rserve-1.7-3.1/clients/cxx/rcons.cc:46:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/rserve-1.7-3.1/clients/cxx/rsdown.cc:42:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'p': if (++i < ac) port = atoi(av[i]); break; data/rserve-1.7-3.1/clients/cxx/rsdown.cc:65:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/rserve-1.7-3.1/clients/cxx/sisocks.h:176:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. default: sprintf(buf,"unknown socket error %d",sockerrno); data/rserve-1.7-3.1/clients/cxx/sisocks.h:189:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sock_err_buf[72]; data/rserve-1.7-3.1/src/Rserv.c:221:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha1hash(const char *buf, int len, unsigned char hash[20]); data/rserve-1.7-3.1/src/Rserv.c:221:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha1hash(const char *buf, int len, unsigned char hash[20]); data/rserve-1.7-3.1/src/Rserv.c:286:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char res[128]; /* reserved space for server-specific fields */ data/rserve-1.7-3.1/src/Rserv.c:326:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char authkey[1024]; /* server-side authentication key */ data/rserve-1.7-3.1/src/Rserv.c:355:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmpdir_buf[1024]; data/rserve-1.7-3.1/src/Rserv.c:360:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wdname[512]; data/rserve-1.7-3.1/src/Rserv.c:440:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rserve_rev[16]; /* this is generated from rserve_ver_id by main */ data/rserve-1.7-3.1/src/Rserv.c:483:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char NaStringRepresentation[2] = { 255, 0 }; data/rserve-1.7-3.1/src/Rserv.c:512:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(str); data/rserve-1.7-3.1/src/Rserv.c:697:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(io_log_fn, "a"); data/rserve-1.7-3.1/src/Rserv.c:744:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(pwdfile, "r"); data/rserve-1.7-3.1/src/Rserv.c:764:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[8]; data/rserve-1.7-3.1/src/Rserv.c:831:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(pidfile, "w"); data/rserve-1.7-3.1/src/Rserv.c:898:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int lo = atoi(c); data/rserve-1.7-3.1/src/Rserv.c:905:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int hi = atoi(c); data/rserve-1.7-3.1/src/Rserv.c:993:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(p, "r"); data/rserve-1.7-3.1/src/Rserv.c:1050:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). long ns = atol(p); data/rserve-1.7-3.1/src/Rserv.c:1065:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(se->line, "try(source(\""); data/rserve-1.7-3.1/src/Rserv.c:1067:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(se->line, "\"))"); data/rserve-1.7-3.1/src/Rserv.c:1082:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). long ns = atol(p); data/rserve-1.7-3.1/src/Rserv.c:1222:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/rserve-1.7-3.1/src/Rserv.c:1228:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fn,"r"); data/rserve-1.7-3.1/src/Rserv.c:1402:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char session_key[32]; data/rserve-1.7-3.1/src/Rserv.c:1417:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char key[32]; data/rserve-1.7-3.1/src/Rserv.c:1474:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dsr.key, session_key, 32); data/rserve-1.7-3.1/src/Rserv.c:1492:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clk[32]; data/rserve-1.7-3.1/src/Rserv.c:1554:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f->f = fopen(pwdfile, "r"); data/rserve-1.7-3.1/src/Rserv.c:1589:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char dump_buf[32768]; /* scratch buffer that is static so mem alloc doesn't fail */ data/rserve-1.7-3.1/src/Rserv.c:1677:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(io_log_fn, "a"); data/rserve-1.7-3.1/src/Rserv.c:1716:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(io_log_fn, "a"); data/rserve-1.7-3.1/src/Rserv.c:1830:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(main_argv[0] + strlen(main_argv[0]) - 8, "/RsrvCHx"); data/rserve-1.7-3.1/src/Rserv.c:1958:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char auth_buf[4096]; data/rserve-1.7-3.1/src/Rserv.c:1965:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5h[16]; data/rserve-1.7-3.1/src/Rserv.c:1966:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sh1h[20]; data/rserve-1.7-3.1/src/Rserv.c:1967:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char md5_pwd[34]; /* MD5 hex representation of the password */ data/rserve-1.7-3.1/src/Rserv.c:1968:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sha1_pwd[42]; /* SHA1 hex representation of the password */ data/rserve-1.7-3.1/src/Rserv.c:2111:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rsa_buf[32768]; data/rserve-1.7-3.1/src/Rserv.c:2162:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(kb + 4, authkey, SRV_KEY_LEN); data/rserve-1.7-3.1/src/Rserv.c:2251:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char salt[5]; data/rserve-1.7-3.1/src/Rserv.c:2301:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(main_argv[0] + strlen(main_argv[0]) - 8, "/RsrvCHq"); data/rserve-1.7-3.1/src/Rserv.c:2429:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf+16,"ARuc",4); data/rserve-1.7-3.1/src/Rserv.c:2434:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf+20,salt,4); data/rserve-1.7-3.1/src/Rserv.c:2436:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (usePlain) memcpy(buf + 24,"ARpt",4); data/rserve-1.7-3.1/src/Rserv.c:2439:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (usePlain) memcpy(buf + 16, "ARpt", 4); data/rserve-1.7-3.1/src/Rserv.c:2446:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ep, "TLS\n", 4); data/rserve-1.7-3.1/src/Rserv.c:2488:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(io_log_fn, "a"); data/rserve-1.7-3.1/src/Rserv.c:2555:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(io_log_fn, "a"); data/rserve-1.7-3.1/src/Rserv.c:2923:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cf=fopen(c,(ph.cmd==CMD_openFile)?"rb":"wb"); data/rserve-1.7-3.1/src/Rserv.c:3479:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(main_argv[0] + strlen(main_argv[0]) - 8, "/RsrvSRV"); data/rserve-1.7-3.1/src/Rserv.c:3617:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cib[256]; data/rserve-1.7-3.1/src/Rsrv.h:391:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned int itop(unsigned int i) { char b[4]; b[0]=((char*)&i)[3]; b[3]=((char*)&i)[0]; b[1]=((char*)&i)[2]; b[2]=((char*)&i)[1]; return *((unsigned int*)b); } data/rserve-1.7-3.1/src/Rsrv.h:392:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. double dtop(double i) { char b[8]; b[0]=((char*)&i)[7]; b[1]=((char*)&i)[6]; b[2]=((char*)&i)[5]; b[3]=((char*)&i)[4]; b[7]=((char*)&i)[0]; b[6]=((char*)&i)[1]; b[5]=((char*)&i)[2]; b[4]=((char*)&i)[3]; return *((double*)b); } data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:143:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, (raw_data)?buf:((char*)buf+4), dlen); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:177:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sb[256]; data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:284:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(this->data, data, len); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:354:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf+hl, data, len); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:597:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(session_key, session->key(), 32); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:612:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char IDstring[33]; data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:860:23: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (msg->len > 0) memcpy(buf, msg->data, msg->len); data/rserve-1.7-3.1/src/client/cxx/Rconnection.h:375:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key_[32]; data/rserve-1.7-3.1/src/client/cxx/Rconnection.h:378:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Rsession(const char *host, int port, const char key[32]) { data/rserve-1.7-3.1/src/client/cxx/Rconnection.h:378:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Rsession(const char *host, int port, const char key[32]) { data/rserve-1.7-3.1/src/client/cxx/Rconnection.h:381:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key_, key, 32); data/rserve-1.7-3.1/src/client/cxx/Rconnection.h:400:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char salt[2]; data/rserve-1.7-3.1/src/client/cxx/Rsrv.h:391:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned int itop(unsigned int i) { char b[4]; b[0]=((char*)&i)[3]; b[3]=((char*)&i)[0]; b[1]=((char*)&i)[2]; b[2]=((char*)&i)[1]; return *((unsigned int*)b); } data/rserve-1.7-3.1/src/client/cxx/Rsrv.h:392:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. double dtop(double i) { char b[8]; b[0]=((char*)&i)[7]; b[1]=((char*)&i)[6]; b[2]=((char*)&i)[5]; b[3]=((char*)&i)[4]; b[7]=((char*)&i)[0]; b[6]=((char*)&i)[1]; b[5]=((char*)&i)[2]; b[4]=((char*)&i)[3]; return *((double*)b); } data/rserve-1.7-3.1/src/client/cxx/demo1.cc:39:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/rserve-1.7-3.1/src/client/cxx/rcmd.cc:27:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/rserve-1.7-3.1/src/client/cxx/rcmd.cc:48:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'p': if (++i < ac) port = atoi(av[i]); break; data/rserve-1.7-3.1/src/client/cxx/rcmd.cc:100:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(d, "setwd(\""); d += 7; data/rserve-1.7-3.1/src/client/cxx/rcmd.cc:105:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(d, "\")"); data/rserve-1.7-3.1/src/client/cxx/rcons.cc:36:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[1024]; data/rserve-1.7-3.1/src/client/cxx/rcons.cc:46:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/rserve-1.7-3.1/src/client/cxx/rsdown.cc:42:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'p': if (++i < ac) port = atoi(av[i]); break; data/rserve-1.7-3.1/src/client/cxx/rsdown.cc:65:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/rserve-1.7-3.1/src/client/cxx/sisocks.h:176:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. default: sprintf(buf,"unknown socket error %d",sockerrno); data/rserve-1.7-3.1/src/client/cxx/sisocks.h:189:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sock_err_buf[72]; data/rserve-1.7-3.1/src/http.c:48:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[1]; data/rserve-1.7-3.1/src/http.c:123:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, buf->data, buf->length); data/rserve-1.7-3.1/src/http.c:190:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[96]; data/rserve-1.7-3.1/src/http.c:297:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(RAW(res), c->body, c->content_length); data/rserve-1.7-3.1/src/http.c:400:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/rserve-1.7-3.1/src/http.c:427:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(fn, "rb"); data/rserve-1.7-3.1/src/http.c:438:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "\r\nContent-length: %ld\r\n\r\n", fsz); data/rserve-1.7-3.1/src/http.c:471:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "\r\nContent-length: %u\r\n\r\n", (unsigned int) strlen(cs)); data/rserve-1.7-3.1/src/http.c:480:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/rserve-1.7-3.1/src/http.c:497:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "\r\nContent-length: %u\r\n\r\n", LENGTH(y)); data/rserve-1.7-3.1/src/http.c:611:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c->body, c->line_buf, c->body_pos); data/rserve-1.7-3.1/src/http.c:660:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c->headers->data + c->headers->length, "Request-Method: ", 16); data/rserve-1.7-3.1/src/http.c:662:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c->headers->data + c->headers->length, bol, mend - bol); data/rserve-1.7-3.1/src/http.c:688:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c->headers->data + c->headers->length, bol, fits); data/rserve-1.7-3.1/src/http.c:694:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c->headers->data, bol + fits, l - fits); data/rserve-1.7-3.1/src/http.c:699:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c->headers->data + c->headers->length, bol, l); data/rserve-1.7-3.1/src/http.c:718:29: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). c->content_length = atol(k); data/rserve-1.7-3.1/src/include/sbthread.h:22:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m,&lm,sizeof(pthread_mutex_t)); data/rserve-1.7-3.1/src/include/sbthread.h:56:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mtxn[64],*c; data/rserve-1.7-3.1/src/include/sbthread.h:59:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(mtxn,"sbthread_mutex"); data/rserve-1.7-3.1/src/include/sbthread.h:73:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mtxn[i],&m,sizeof(m)); data/rserve-1.7-3.1/src/include/sbthread.h:75:23: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. c=(char*)malloc(i); memcpy(c,mtxn,i); data/rserve-1.7-3.1/src/include/sbthread.h:88:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&m[i],&h,sizeof(h)); data/rserve-1.7-3.1/src/include/sisocks.h:176:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. default: sprintf(buf,"unknown socket error %d",sockerrno); data/rserve-1.7-3.1/src/include/sisocks.h:189:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sock_err_buf[72]; data/rserve-1.7-3.1/src/md5.c:104:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, buf, len); data/rserve-1.7-3.1/src/md5.c:107:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, buf, t); data/rserve-1.7-3.1/src/md5.c:116:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->in, buf, 64); data/rserve-1.7-3.1/src/md5.c:125:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->in, buf, len); data/rserve-1.7-3.1/src/md5.c:133:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char digest[16]; struct MD5Context *ctx; data/rserve-1.7-3.1/src/md5.c:170:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, ctx->buf, 16); data/rserve-1.7-3.1/src/md5.c:276:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char m5hash[16]; data/rserve-1.7-3.1/src/md5.c:279:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *md5hash(const void *buf, int len, unsigned char hash[16]) { data/rserve-1.7-3.1/src/md5.c:279:59: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *md5hash(const void *buf, int len, unsigned char hash[16]) { data/rserve-1.7-3.1/src/md5.h:9:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[64]; data/rserve-1.7-3.1/src/md5.h:19:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *md5hash(const void *buf, int len, unsigned char hash[16]); data/rserve-1.7-3.1/src/md5.h:19:59: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *md5hash(const void *buf, int len, unsigned char hash[16]); data/rserve-1.7-3.1/src/oc.c:44:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hash[21]; data/rserve-1.7-3.1/src/oc.c:52:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char rbuf[64]; data/rserve-1.7-3.1/src/oc.c:105:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char token[MAX_OC_TOKEN_LEN + 1]; data/rserve-1.7-3.1/src/other/RSpool.c:97:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[48]; data/rserve-1.7-3.1/src/other/RSpool.c:157:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char server_io_buffer[65536]; data/rserve-1.7-3.1/src/other/RSpool.c:286:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ids[32]; data/rserve-1.7-3.1/src/other/RSpool.c:336:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'p': if (++i < argc) port = atoi(argv[i]); else { fprintf(stderr, "ERROR: missing port specification in -p <port>\n"); return 1; }; break; data/rserve-1.7-3.1/src/other/RSpool.c:337:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'w': if (++i < argc) workers = atoi(argv[i]); else { fprintf(stderr, "ERROR: missing workers specification in -w <workers>\n"); return 1; }; break; data/rserve-1.7-3.1/src/qap_decode.c:18:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char NaStringRepresentation[2] = { 255, 0 }; data/rserve-1.7-3.1/src/qap_decode.c:73:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(INTEGER(val), b, l * sizeof(int)); data/rserve-1.7-3.1/src/qap_decode.c:105:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(REAL(val), b, sizeof(double) * l); data/rserve-1.7-3.1/src/qap_decode.c:122:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(COMPLEX(val), b, sizeof(*COMPLEX(val)) * l); data/rserve-1.7-3.1/src/qap_decode.c:171:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(RAW(val), (b + 1), i); data/rserve-1.7-3.1/src/qap_encode.c:28:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char NaStringRepresentation[2] = { 255, 0 }; data/rserve-1.7-3.1/src/qap_encode.c:190:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, REAL(x), sizeof(double) * LENGTH(x)); data/rserve-1.7-3.1/src/qap_encode.c:208:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, COMPLEX(x), LENGTH(x) * sizeof(*COMPLEX(x))); data/rserve-1.7-3.1/src/qap_encode.c:228:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (ll) memcpy(buf, RAW(x), ll); data/rserve-1.7-3.1/src/qap_encode.c:300:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, iptr, n * sizeof(int)); data/rserve-1.7-3.1/src/rsdebug.h:34:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char io_log_fn[128]; data/rserve-1.7-3.1/src/rsio.h:43:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[1]; data/rserve-1.7-3.1/src/session.c:25:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct sSession *find_session(char key[16]) { data/rserve-1.7-3.1/src/session.c:38:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct sSession *new_session(char key[16]) { data/rserve-1.7-3.1/src/session.c:47:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&session[sessions].key, key, 16); data/rserve-1.7-3.1/src/session.c:52:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void free_session(char key[16]) { data/rserve-1.7-3.1/src/session.h:5:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char key[16]; data/rserve-1.7-3.1/src/session.h:9:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct sSession *new_session(char key[16]); data/rserve-1.7-3.1/src/session.h:10:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct sSession *find_session(char key[16]); data/rserve-1.7-3.1/src/session.h:11:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void free_session(char key[16]); data/rserve-1.7-3.1/src/sha1.c:414:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha1hash(const char *buf, int len, unsigned char hash[20]) data/rserve-1.7-3.1/src/sha1.c:414:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha1hash(const char *buf, int len, unsigned char hash[20]) data/rserve-1.7-3.1/src/sha1.h:4:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha1hash(const char *buf, int len, unsigned char hash[20]); data/rserve-1.7-3.1/src/sha1.h:4:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sha1hash(const char *buf, int len, unsigned char hash[20]); data/rserve-1.7-3.1/src/websockets.c:140:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[64]; data/rserve-1.7-3.1/src/websockets.c:141:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(lbuf, "HTTP/1.1 500 Out of memory\r\n\r\n"); data/rserve-1.7-3.1/src/websockets.c:209:60: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (!strcmp(kc, "sec-websocket-version")) h.version = atoi(dc); data/rserve-1.7-3.1/src/websockets.c:222:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "HTTP/1.1 400 Bad Request (line overflow)\r\n\r\n"); data/rserve-1.7-3.1/src/websockets.c:243:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "HTTP/1.1 400 Bad Request (connection failed before EOH)\r\n\r\n"); data/rserve-1.7-3.1/src/websockets.c:260:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char keyb[16]; data/rserve-1.7-3.1/src/websockets.c:261:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hash[16]; data/rserve-1.7-3.1/src/websockets.c:266:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "HTTP/1.1 400 Bad Request (Key3 incomplete)\r\n\r\n"); data/rserve-1.7-3.1/src/websockets.c:276:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "HTTP/1.1 400 Bad Request (at least one key header is missing)\r\n\r\n"); data/rserve-1.7-3.1/src/websockets.c:294:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(keyb + 8, buf, 8); data/rserve-1.7-3.1/src/websockets.c:300:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + bp, hash, 16); data/rserve-1.7-3.1/src/websockets.c:306:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hash[21]; data/rserve-1.7-3.1/src/websockets.c:307:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b64[40]; data/rserve-1.7-3.1/src/websockets.c:309:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"); data/rserve-1.7-3.1/src/websockets.c:349:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/rserve-1.7-3.1/src/websockets.c:350:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hash[21]; data/rserve-1.7-3.1/src/websockets.c:351:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b64[44]; data/rserve-1.7-3.1/src/websockets.c:380:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"); data/rserve-1.7-3.1/src/websockets.c:388:81: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("Responded with WebSockets.04+ handshake (version = %02d)\n", version ? atoi(version) : 0); data/rserve-1.7-3.1/src/websockets.c:397:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). arg->ver = version ? atoi(version) : 13; /* let's assume 13 if not present */ data/rserve-1.7-3.1/src/websockets.c:428:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(io_log_fn, "a"); data/rserve-1.7-3.1/src/websockets.c:455:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sbuf + pl, &ph, sizeof(ph)); data/rserve-1.7-3.1/src/websockets.c:460:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sbuf + pl, buf, send_here - pl); data/rserve-1.7-3.1/src/websockets.c:489:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sbuf + 1, buf, len); data/rserve-1.7-3.1/src/websockets.c:516:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sbuf + pl, buf, len); data/rserve-1.7-3.1/src/websockets.c:573:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, arg->buf, i); data/rserve-1.7-3.1/src/websockets.c:578:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (i) memcpy(buf, arg->buf, i); data/rserve-1.7-3.1/src/websockets.c:586:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, arg->buf, i); data/rserve-1.7-3.1/src/websockets.c:599:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, arg->buf, read_len); data/rserve-1.7-3.1/src/websockets.c:624:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, arg->buf, read_len); data/rserve-1.7-3.1/src/websockets.c:691:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&arg->l2, arg->buf + need - 4, 4); data/rserve-1.7-3.1/src/websockets.c:702:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, arg->buf + need, len); data/rserve-1.7-3.1/src/websockets.c:716:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, arg->buf + need, read_len); data/rserve-1.7-3.1/src/winembed.c:124:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss[128]; data/rserve-1.7-3.1/src/winembed.c:125:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char a[3]; data/rserve-1.7-3.1/src/winembed.c:146:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char Rversion[25], RUser[MAX_PATH], RHome[MAX_PATH]; data/rserve-1.7-3.1/src/winembed.c:155:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmpbuf[8192]; data/rserve-1.7-3.1/src/winembed.c:162:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rhb[MAX_PATH+10]; data/rserve-1.7-3.1/src/winembed.c:210:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, "\\bin\\x64\\R.dll"); data/rserve-1.7-3.1/src/winembed.c:213:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, "\\bin\\i386\\R.dll"); data/rserve-1.7-3.1/src/winembed.c:226:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, "\\bin\\R.dll"); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:124:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int tl=strlen(txt)+1; data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:165:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Rmessage::read(int s) { data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:654:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int q = msg->read(s); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:712:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return msg->read(s); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:721:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return targetMsg->read(s); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:739:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int tl=strlen(symbol)+1; data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:910:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). authbuf=(char*) malloc(strlen(user)+strlen(pwd)+22); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:910:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). authbuf=(char*) malloc(strlen(user)+strlen(pwd)+22); data/rserve-1.7-3.1/clients/cxx/Rconnection.cc:911:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(authbuf, user); c=authbuf+strlen(user); data/rserve-1.7-3.1/clients/cxx/Rconnection.h:93:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read(int s); data/rserve-1.7-3.1/clients/cxx/Rconnection.h:267:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Rstring(const char *str) : Rexp(XT_STR, str, strlen(str)+1) {} data/rserve-1.7-3.1/clients/cxx/rcmd.cc:98:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d = es = (char*) malloc(strlen(wd) * 2 + 14); data/rserve-1.7-3.1/clients/cxx/sisocks.h:159:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EBADF: strncpy(buf,"bad descriptor",blen); break; data/rserve-1.7-3.1/clients/cxx/sisocks.h:160:18: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EINVAL: strncpy(buf,"already in use",blen); break; data/rserve-1.7-3.1/clients/cxx/sisocks.h:161:18: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EACCES: strncpy(buf,"access denied",blen); break; data/rserve-1.7-3.1/clients/cxx/sisocks.h:162:20: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case ENOTSOCK: strncpy(buf,"descriptor is not a socket",blen); break; data/rserve-1.7-3.1/clients/cxx/sisocks.h:163:22: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EOPNOTSUPP: strncpy(buf,"operation not supported",blen); break; data/rserve-1.7-3.1/clients/cxx/sisocks.h:164:18: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EFAULT: strncpy(buf,"fault",blen); break; data/rserve-1.7-3.1/clients/cxx/sisocks.h:165:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EWOULDBLOCK: strncpy(buf,"operation would block",blen); break; data/rserve-1.7-3.1/clients/cxx/sisocks.h:166:19: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EISCONN: strncpy(buf,"is already connected",blen); break; data/rserve-1.7-3.1/clients/cxx/sisocks.h:167:24: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case ECONNREFUSED: strncpy(buf,"connection refused",blen); break; data/rserve-1.7-3.1/clients/cxx/sisocks.h:168:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case ETIMEDOUT: strncpy(buf,"operation timed out",blen); break; data/rserve-1.7-3.1/clients/cxx/sisocks.h:169:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case ENETUNREACH: strncpy(buf,"network is unreachable",blen); break; data/rserve-1.7-3.1/clients/cxx/sisocks.h:170:22: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EADDRINUSE: strncpy(buf,"address already in use",blen); break; data/rserve-1.7-3.1/clients/cxx/sisocks.h:171:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EINPROGRESS: strncpy(buf,"in progress",blen); break; data/rserve-1.7-3.1/clients/cxx/sisocks.h:172:20: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EALREADY: strncpy(buf,"previous connect request not completed yet",blen); break; data/rserve-1.7-3.1/src/RSserver.c:93:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(localSocketName) > sizeof(lusa.sun_path) - 2) { data/rserve-1.7-3.1/src/Rserv.c:462:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd[1] = strlen(str) + 1; data/rserve-1.7-3.1/src/Rserv.c:1063:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). struct source_entry* se= (struct source_entry*) malloc(sizeof(struct source_entry)+strlen(p)+16); data/rserve-1.7-3.1/src/Rserv.c:1829:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (main_argv && tag_argv && strlen(main_argv[0]) >= 8) data/rserve-1.7-3.1/src/Rserv.c:1830:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(main_argv[0] + strlen(main_argv[0]) - 8, "/RsrvCHx"); data/rserve-1.7-3.1/src/Rserv.c:1878:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srv->send(arg, buf, strlen(buf)); data/rserve-1.7-3.1/src/Rserv.c:1889:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srv->send(arg, buf, strlen(buf)); data/rserve-1.7-3.1/src/Rserv.c:1918:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tl += strlen(Rf_translateCharUTF8(STRING_ELT(exp, i))) + 1; data/rserve-1.7-3.1/src/Rserv.c:1926:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srv->send(arg, buf, strlen(buf)); data/rserve-1.7-3.1/src/Rserv.c:1933:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tl += strlen(sb + tl); data/rserve-1.7-3.1/src/Rserv.c:1944:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srv->send(arg, buf, strlen(buf)); data/rserve-1.7-3.1/src/Rserv.c:1969:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5hash(pwd, strlen(pwd), md5h); data/rserve-1.7-3.1/src/Rserv.c:1970:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sha1hash(pwd, strlen(pwd), sh1h); data/rserve-1.7-3.1/src/Rserv.c:2053:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((*c1 == '$' && strlen(c1) == 33 && !strcmp(c1 + 1, md5_pwd)) || data/rserve-1.7-3.1/src/Rserv.c:2054:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (*c1 == '$' && strlen(c1) == 41 && !strcmp(c1 + 1, sha1_pwd)) || data/rserve-1.7-3.1/src/Rserv.c:2055:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((*c1 != '$' || (strlen(c1) != 33 && strlen(c1) !=41)) && !strcmp(c1, pwd)))) { data/rserve-1.7-3.1/src/Rserv.c:2055:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((*c1 != '$' || (strlen(c1) != 33 && strlen(c1) !=41)) && !strcmp(c1, pwd)))) { data/rserve-1.7-3.1/src/Rserv.c:2058:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf(" - %s password matches.\n", (*c1 == '$' && strlen(c1) == 33) ? "MD5" : data/rserve-1.7-3.1/src/Rserv.c:2059:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((*c1 == '$' && strlen(c1) == 41) ? "SHA1" : "plain")); data/rserve-1.7-3.1/src/Rserv.c:2215:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(what) + 1 + strlen(d->d_name) + 1; data/rserve-1.7-3.1/src/Rserv.c:2215:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(what) + 1 + strlen(d->d_name) + 1; data/rserve-1.7-3.1/src/Rserv.c:2300:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (main_argv && tag_argv && strlen(main_argv[0]) >= 8) data/rserve-1.7-3.1/src/Rserv.c:2301:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(main_argv[0] + strlen(main_argv[0]) - 8, "/RsrvCHq"); data/rserve-1.7-3.1/src/Rserv.c:2836:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ph.cmd == CMD_ctrlEval) { cmd[0] = CCTL_EVAL; cmd[1] = strlen(parP[0]) + 1; } data/rserve-1.7-3.1/src/Rserv.c:2837:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (ph.cmd == CMD_ctrlSource) { cmd[0] = CCTL_SOURCE; cmd[1] = strlen(parP[0]) + 1; } data/rserve-1.7-3.1/src/Rserv.c:3478:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (main_argv && tag_argv == 1 && strlen(main_argv[0]) >= 8) { data/rserve-1.7-3.1/src/Rserv.c:3479:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(main_argv[0] + strlen(main_argv[0]) - 8, "/RsrvSRV"); data/rserve-1.7-3.1/src/Rserv.c:3603:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int n = read(cp->inp, cmd, sizeof(cmd)); data/rserve-1.7-3.1/src/Rserv.c:3626:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(cp->inp, cib, cmd[1]); data/rserve-1.7-3.1/src/Rserv.c:3631:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(cp->inp, xb, cmd[1]); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:124:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int tl=strlen(txt)+1; data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:165:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Rmessage::read(int s) { data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:654:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int q = msg->read(s); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:712:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return msg->read(s); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:721:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return targetMsg->read(s); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:739:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int tl=strlen(symbol)+1; data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:910:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). authbuf=(char*) malloc(strlen(user)+strlen(pwd)+22); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:910:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). authbuf=(char*) malloc(strlen(user)+strlen(pwd)+22); data/rserve-1.7-3.1/src/client/cxx/Rconnection.cc:911:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(authbuf, user); c=authbuf+strlen(user); data/rserve-1.7-3.1/src/client/cxx/Rconnection.h:93:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read(int s); data/rserve-1.7-3.1/src/client/cxx/Rconnection.h:267:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Rstring(const char *str) : Rexp(XT_STR, str, strlen(str)+1) {} data/rserve-1.7-3.1/src/client/cxx/rcmd.cc:98:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d = es = (char*) malloc(strlen(wd) * 2 + 14); data/rserve-1.7-3.1/src/client/cxx/sisocks.h:159:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EBADF: strncpy(buf,"bad descriptor",blen); break; data/rserve-1.7-3.1/src/client/cxx/sisocks.h:160:18: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EINVAL: strncpy(buf,"already in use",blen); break; data/rserve-1.7-3.1/src/client/cxx/sisocks.h:161:18: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EACCES: strncpy(buf,"access denied",blen); break; data/rserve-1.7-3.1/src/client/cxx/sisocks.h:162:20: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case ENOTSOCK: strncpy(buf,"descriptor is not a socket",blen); break; data/rserve-1.7-3.1/src/client/cxx/sisocks.h:163:22: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EOPNOTSUPP: strncpy(buf,"operation not supported",blen); break; data/rserve-1.7-3.1/src/client/cxx/sisocks.h:164:18: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EFAULT: strncpy(buf,"fault",blen); break; data/rserve-1.7-3.1/src/client/cxx/sisocks.h:165:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EWOULDBLOCK: strncpy(buf,"operation would block",blen); break; data/rserve-1.7-3.1/src/client/cxx/sisocks.h:166:19: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EISCONN: strncpy(buf,"is already connected",blen); break; data/rserve-1.7-3.1/src/client/cxx/sisocks.h:167:24: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case ECONNREFUSED: strncpy(buf,"connection refused",blen); break; data/rserve-1.7-3.1/src/client/cxx/sisocks.h:168:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case ETIMEDOUT: strncpy(buf,"operation timed out",blen); break; data/rserve-1.7-3.1/src/client/cxx/sisocks.h:169:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case ENETUNREACH: strncpy(buf,"network is unreachable",blen); break; data/rserve-1.7-3.1/src/client/cxx/sisocks.h:170:22: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EADDRINUSE: strncpy(buf,"address already in use",blen); break; data/rserve-1.7-3.1/src/client/cxx/sisocks.h:171:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EINPROGRESS: strncpy(buf,"in progress",blen); break; data/rserve-1.7-3.1/src/client/cxx/sisocks.h:172:20: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EALREADY: strncpy(buf,"previous connect request not completed yet",blen); break; data/rserve-1.7-3.1/src/http.c:193:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen(text), res; data/rserve-1.7-3.1/src/http.c:202:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return send_response(c, text, strlen(text)); data/rserve-1.7-3.1/src/http.c:378:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send_response(c, s, strlen(s)); data/rserve-1.7-3.1/src/http.c:407:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send_response(c, buf, strlen(buf)); data/rserve-1.7-3.1/src/http.c:409:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send_response(c, ct, strlen(ct)); data/rserve-1.7-3.1/src/http.c:416:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send_response(c, hs, strlen(hs)); data/rserve-1.7-3.1/src/http.c:439:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send_response(c, buf, strlen(buf)); data/rserve-1.7-3.1/src/http.c:471:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(buf, "\r\nContent-length: %u\r\n\r\n", (unsigned int) strlen(cs)); data/rserve-1.7-3.1/src/http.c:472:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send_response(c, buf, strlen(buf)); data/rserve-1.7-3.1/src/http.c:474:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send_response(c, cs, strlen(cs)); data/rserve-1.7-3.1/src/http.c:486:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send_response(c, buf, strlen(buf)); data/rserve-1.7-3.1/src/http.c:488:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send_response(c, ct, strlen(ct)); data/rserve-1.7-3.1/src/http.c:494:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send_response(c, hs, strlen(hs)); data/rserve-1.7-3.1/src/http.c:498:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send_response(c, buf, strlen(buf)); data/rserve-1.7-3.1/src/http.c:639:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int rll = strlen(bol); /* request line length */ data/rserve-1.7-3.1/src/http.c:672:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bol[strlen(bol) - 9] = 0; data/rserve-1.7-3.1/src/http.c:682:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen(bol); data/rserve-1.7-3.1/src/include/sbthread.h:86:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i=strlen(m); data/rserve-1.7-3.1/src/include/sbthread.h:95:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i=strlen(m); i+=sizeof(h)+1; data/rserve-1.7-3.1/src/include/sbthread.h:107:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i=strlen(m); i+=sizeof(h)+1; data/rserve-1.7-3.1/src/include/sisocks.h:159:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EBADF: strncpy(buf,"bad descriptor",blen); break; data/rserve-1.7-3.1/src/include/sisocks.h:160:18: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EINVAL: strncpy(buf,"already in use",blen); break; data/rserve-1.7-3.1/src/include/sisocks.h:161:18: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EACCES: strncpy(buf,"access denied",blen); break; data/rserve-1.7-3.1/src/include/sisocks.h:162:20: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case ENOTSOCK: strncpy(buf,"descriptor is not a socket",blen); break; data/rserve-1.7-3.1/src/include/sisocks.h:163:22: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EOPNOTSUPP: strncpy(buf,"operation not supported",blen); break; data/rserve-1.7-3.1/src/include/sisocks.h:164:18: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EFAULT: strncpy(buf,"fault",blen); break; data/rserve-1.7-3.1/src/include/sisocks.h:165:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EWOULDBLOCK: strncpy(buf,"operation would block",blen); break; data/rserve-1.7-3.1/src/include/sisocks.h:166:19: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EISCONN: strncpy(buf,"is already connected",blen); break; data/rserve-1.7-3.1/src/include/sisocks.h:167:24: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case ECONNREFUSED: strncpy(buf,"connection refused",blen); break; data/rserve-1.7-3.1/src/include/sisocks.h:168:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case ETIMEDOUT: strncpy(buf,"operation timed out",blen); break; data/rserve-1.7-3.1/src/include/sisocks.h:169:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case ENETUNREACH: strncpy(buf,"network is unreachable",blen); break; data/rserve-1.7-3.1/src/include/sisocks.h:170:22: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EADDRINUSE: strncpy(buf,"address already in use",blen); break; data/rserve-1.7-3.1/src/include/sisocks.h:171:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EINPROGRESS: strncpy(buf,"in progress",blen); break; data/rserve-1.7-3.1/src/include/sisocks.h:172:20: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. case EALREADY: strncpy(buf,"previous connect request not completed yet",blen); break; data/rserve-1.7-3.1/src/other/RSpool.c:287:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int n = read(w->w_out, ids, sizeof(ids)); data/rserve-1.7-3.1/src/other/RSpool.c:297:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int n = read(w->w_out, &hdr, sizeof(hdr)); data/rserve-1.7-3.1/src/other/RSpool.c:310:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int n = read(w->w_out, server_io_buffer, to_go); data/rserve-1.7-3.1/src/qap_encode.c:86:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen_t sl = strlen(ct) + 1L; data/rserve-1.7-3.1/src/qap_encode.c:266:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen_t l = strlen(cv); data/rserve-1.7-3.1/src/qap_encode.c:332:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen((char*)buf); sl++; data/rserve-1.7-3.1/src/standalone.c:36:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rserve_rev, d, c - d); data/rserve-1.7-3.1/src/standalone.c:226:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(umask_value); data/rserve-1.7-3.1/src/websockets.c:142:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WS_wire_send(arg, lbuf, strlen(lbuf)); data/rserve-1.7-3.1/src/websockets.c:223:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WS_wire_send(arg, buf, strlen(buf)); data/rserve-1.7-3.1/src/websockets.c:244:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WS_wire_send(arg, buf, strlen(buf)); data/rserve-1.7-3.1/src/websockets.c:267:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WS_wire_send(arg, buf, strlen(buf)); data/rserve-1.7-3.1/src/websockets.c:277:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WS_wire_send(arg, buf, strlen(buf)); data/rserve-1.7-3.1/src/websockets.c:299:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp = strlen(buf); data/rserve-1.7-3.1/src/websockets.c:310:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sha1hash(buf, strlen(buf), hash); data/rserve-1.7-3.1/src/websockets.c:315:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WS_wire_send(arg, buf, strlen(buf)); data/rserve-1.7-3.1/src/websockets.c:358:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arg->srv->send(arg, buf, strlen(buf)); data/rserve-1.7-3.1/src/websockets.c:379:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, key, sizeof(buf) - 50); data/rserve-1.7-3.1/src/websockets.c:381:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sha1hash(buf, strlen(buf), hash); data/rserve-1.7-3.1/src/websockets.c:386:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arg->srv->send(arg, buf, strlen(buf)); data/rserve-1.7-3.1/src/winembed.c:119:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). myWriteConsole(s, strlen(s)); data/rserve-1.7-3.1/src/winembed.c:176:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strncmp(Rversion, getDLLVersion(), strlen(Rversion)) != 0) { data/rserve-1.7-3.1/src/winembed.c:243:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = RUser + (strlen(RUser) - 1); ANALYSIS SUMMARY: Hits = 430 Lines analyzed = 15428 in approximately 0.51 seconds (30186 lines/second) Physical Source Lines of Code (SLOC) = 11586 Hits@level = [0] 463 [1] 139 [2] 212 [3] 23 [4] 52 [5] 4 Hits@level+ = [0+] 893 [1+] 430 [2+] 291 [3+] 79 [4+] 56 [5+] 4 Hits/KSLOC@level+ = [0+] 77.0758 [1+] 37.1138 [2+] 25.1165 [3+] 6.81857 [4+] 4.83342 [5+] 0.345244 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.