Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/service-wrapper-java-3.5.30/src/c/Makefile-irix-mips-32.cc Examining data/service-wrapper-java-3.5.30/src/c/logger.h Examining data/service-wrapper-java-3.5.30/src/c/logger_base.h Examining data/service-wrapper-java-3.5.30/src/c/logger_file.c Examining data/service-wrapper-java-3.5.30/src/c/logger_file.h Examining data/service-wrapper-java-3.5.30/src/c/loggerjni.c Examining data/service-wrapper-java-3.5.30/src/c/loggerjni.h Examining data/service-wrapper-java-3.5.30/src/c/messages.h Examining data/service-wrapper-java-3.5.30/src/c/org_tanukisoftware_wrapper_WrapperManager.h Examining data/service-wrapper-java-3.5.30/src/c/org_tanukisoftware_wrapper_WrapperProcessConfig.h Examining data/service-wrapper-java-3.5.30/src/c/org_tanukisoftware_wrapper_WrapperProcessInputStream.h Examining data/service-wrapper-java-3.5.30/src/c/org_tanukisoftware_wrapper_WrapperProcessOutputStream.h Examining data/service-wrapper-java-3.5.30/src/c/org_tanukisoftware_wrapper_WrapperResources.h Examining data/service-wrapper-java-3.5.30/src/c/property.c Examining data/service-wrapper-java-3.5.30/src/c/property.h Examining data/service-wrapper-java-3.5.30/src/c/psapi.h Examining data/service-wrapper-java-3.5.30/src/c/resource.h Examining data/service-wrapper-java-3.5.30/src/c/test_example.c Examining data/service-wrapper-java-3.5.30/src/c/test_filter.c Examining data/service-wrapper-java-3.5.30/src/c/test_hashmap.c Examining data/service-wrapper-java-3.5.30/src/c/test_javaadditionalparam.c Examining data/service-wrapper-java-3.5.30/src/c/testsuite.c Examining data/service-wrapper-java-3.5.30/src/c/testsuite.h Examining data/service-wrapper-java-3.5.30/src/c/wrapper.h Examining data/service-wrapper-java-3.5.30/src/c/wrapper_file.c Examining data/service-wrapper-java-3.5.30/src/c/wrapper_file.h Examining data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c Examining data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.h Examining data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c Examining data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h Examining data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c Examining data/service-wrapper-java-3.5.30/src/c/wrapper_win.c Examining data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c Examining data/service-wrapper-java-3.5.30/src/c/wrapperinfo.h Examining data/service-wrapper-java-3.5.30/src/c/wrapperjni.c Examining data/service-wrapper-java-3.5.30/src/c/wrapperjni.h Examining data/service-wrapper-java-3.5.30/src/c/wrapperjni_unix.c Examining data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c Examining data/service-wrapper-java-3.5.30/src/c/logger.c Examining data/service-wrapper-java-3.5.30/src/c/wrapper.c FINAL RESULTS: data/service-wrapper-java-3.5.30/src/c/logger.c:3749:9: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(buffer, TEXT("..."), QUEUED_BUFFER_SIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4533:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows 10 "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4535:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows Server 2016 "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4541:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows Vista "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4543:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows Server 2008 "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4547:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows 7 "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4549:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows Server 2008 R2 "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4553:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows 8 "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4555:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows Server 2012 "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4559:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows 8.1 "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4561:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows Server 2012 R2 "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4566:17: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows Server 2003 R2, "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4568:17: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows Storage Server 2003"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4570:17: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows Home Server"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4572:17: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows XP Professional x64 Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4574:17: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows Server 2003, "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4581:25: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Datacenter Edition for Itanium-based Systems"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4583:25: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Enterprise Edition for Itanium-based Systems"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4587:25: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Datacenter x64 Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4589:25: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Enterprise x64 Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4591:25: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Standard x64 Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4595:25: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Compute Cluster Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4597:25: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Datacenter Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4599:25: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Enterprise Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4601:25: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Web Edition" ), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4603:25: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Standard Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4608:13: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows XP "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4610:17: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Home Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4612:17: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Professional"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4615:13: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Windows 2000 "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4617:17: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Professional"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4620:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Datacenter Server"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4622:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Advanced Server"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4624:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Server"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4636:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Ultimate Edition" ), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4639:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Professional"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4642:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Home Premium Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4645:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Home Basic Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4648:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Enterprise Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4651:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Business Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4654:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Starter Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4657:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Cluster Server Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4660:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Datacenter Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4663:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Datacenter Edition (core installation)"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4666:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Enterprise Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4669:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Enterprise Edition (core installation)"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4672:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Enterprise Edition for Itanium-based Systems"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4675:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Small Business Server"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4678:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Small Business Server Premium Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4681:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Standard Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4684:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Standard Edition (core installation)"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4687:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Web Server Edition"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4690:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Home"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4693:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Home N"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4696:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Home China"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4699:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Home Single Language"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4702:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Mobile"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4705:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Mobile Enterprise"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4708:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Education"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4711:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Education N"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4714:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Enterprise E"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4717:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Enterprise N (evaluation installation)"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4720:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Enterprise N"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4723:21: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT("Enterprise (evaluation installation)"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4730:13: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT(" "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4731:13: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, osvi.szCSDVersion, OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4734:9: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, buf, OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4738:17: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT(", 64-bit"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4740:17: [5] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. _tcsncat(*pszOS, TEXT(", 32-bit"), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:354:19: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. req = readlink(cExe, cFullPath, size); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:195:9: [5] (buffer) _getts: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead. #define _getts getws data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:269:23: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. #define _treadlink readlink data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:274:23: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. #define _tchmod chmod data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:387:9: [5] (buffer) _getts: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead. #define _getts gets data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:387:23: [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead. #define _getts gets data/service-wrapper-java-3.5.30/src/c/logger.c:311:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(pos, 4, TEXT("%02x "), c); data/service-wrapper-java-3.5.30/src/c/logger.c:320:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(pos, 4, TEXT("\\0 ")); data/service-wrapper-java-3.5.30/src/c/logger.c:322:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(pos, 4, TEXT("\\%c "), TEXT('a') + c - 1); data/service-wrapper-java-3.5.30/src/c/logger.c:324:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(pos, 4, TEXT("%c "), c); data/service-wrapper-java-3.5.30/src/c/logger.c:326:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(pos, 4, TEXT(". ")); data/service-wrapper-java-3.5.30/src/c/logger.c:814:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(testfile, len, TEXT("%s%c.wrapper_test-%.4d%.4d"), data/service-wrapper-java-3.5.30/src/c/logger.c:1467:28: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("wrapperm") ); data/service-wrapper-java-3.5.30/src/c/logger.c:1469:28: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("wrapper ") ); data/service-wrapper-java-3.5.30/src/c/logger.c:1472:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("wrapper ") ); data/service-wrapper-java-3.5.30/src/c/logger.c:1477:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("wrapperp") ); data/service-wrapper-java-3.5.30/src/c/logger.c:1481:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("jvm %-4d"), source_id ); data/service-wrapper-java-3.5.30/src/c/logger.c:1489:20: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("%s"), logLevelNames[ level ] ); data/service-wrapper-java-3.5.30/src/c/logger.c:1498:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("signal ") ); data/service-wrapper-java-3.5.30/src/c/logger.c:1502:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("main ") ); data/service-wrapper-java-3.5.30/src/c/logger.c:1506:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("srvmain") ); data/service-wrapper-java-3.5.30/src/c/logger.c:1510:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("timer ") ); data/service-wrapper-java-3.5.30/src/c/logger.c:1514:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("javaio ") ); data/service-wrapper-java-3.5.30/src/c/logger.c:1518:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("startup") ); data/service-wrapper-java-3.5.30/src/c/logger.c:1522:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("unknown") ); data/service-wrapper-java-3.5.30/src/c/logger.c:1530:20: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("%c"), ( queued ? TEXT('Q') : TEXT(' '))); data/service-wrapper-java-3.5.30/src/c/logger.c:1536:20: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("%04d/%02d/%02d %02d:%02d:%02d"), data/service-wrapper-java-3.5.30/src/c/logger.c:1544:20: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("%04d/%02d/%02d %02d:%02d:%02d.%03d"), data/service-wrapper-java-3.5.30/src/c/logger.c:1553:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("--------") ); data/service-wrapper-java-3.5.30/src/c/logger.c:1555:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("%8d"), uptimeSeconds); data/service-wrapper-java-3.5.30/src/c/logger.c:1563:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT(" ") ); data/service-wrapper-java-3.5.30/src/c/logger.c:1565:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("99999999") ); data/service-wrapper-java-3.5.30/src/c/logger.c:1567:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("%8d"), durationMillis); data/service-wrapper-java-3.5.30/src/c/logger.c:1574:20: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("%8d"), __min(previousLogLag, 99999999)); data/service-wrapper-java-3.5.30/src/c/logger.c:1580:20: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf( pos, reqSize - len, TEXT("%s"), message ); data/service-wrapper-java-3.5.30/src/c/logger.c:1598:24: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. temp = _sntprintf(pos, reqSize - len, TEXT(" | ")); data/service-wrapper-java-3.5.30/src/c/logger.c:1655:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer + bufferLen, bufferSize - bufferLen, TEXT(".%s"), rollNum); data/service-wrapper-java-3.5.30/src/c/logger.c:1729:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(nowDate, 9, TEXT("%04d%02d%02d"), nowTM->tm_year + 1900, nowTM->tm_mon + 1, nowTM->tm_mday ); data/service-wrapper-java-3.5.30/src/c/logger.c:1778:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tempConfLogFileResumeDateStr, 20, TEXT("%04d/%02d/%02d %02d:%02d:%02d"), data/service-wrapper-java-3.5.30/src/c/logger.c:1787:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tempBuffer, tempBufferLen, tempBufferFormat, confLogFileName, confLogFileStopDateStr, tempConfLogFileResumeDateStr, defaultLogFile, syslogName); data/service-wrapper-java-3.5.30/src/c/logger.c:1801:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(currentLogFileName, currentLogFileNameSize, confLogFileName); data/service-wrapper-java-3.5.30/src/c/logger.c:1849:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(confLogFileStopDateStr, 20, TEXT("%04d/%02d/%02d %02d:%02d:%02d"), data/service-wrapper-java-3.5.30/src/c/logger.c:1864:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tempBuffer, tempBufferLen, tempBufferFormat, currentLogFileName, getLastErrorText(), defaultLogFile); data/service-wrapper-java-3.5.30/src/c/logger.c:1878:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(currentLogFileName, currentLogFileNameSize, defaultLogFile); data/service-wrapper-java-3.5.30/src/c/logger.c:1895:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tempBuffer, tempBufferLen, tempBufferFormat, currentLogFileName, getLastErrorText()); data/service-wrapper-java-3.5.30/src/c/logger.c:1945:13: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. _ftprintf(logfileFP, TEXT("%s\n"), printBuffer); data/service-wrapper-java-3.5.30/src/c/logger.c:2056:13: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. _ftprintf(target, TEXT("%s\n"), printBuffer); data/service-wrapper-java-3.5.30/src/c/logger.c:2217:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(printBuffer, reqSize, TEXT("%s|%02d|%02d|%02d|%s"), LOG_SPECIAL_MARKER, source_id, level, threadId, message + _tcslen(LOG_FORK_MARKER)); data/service-wrapper-java-3.5.30/src/c/logger.c:2250:9: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. _ftprintf(target, TEXT("%s\n"), printBuffer); data/service-wrapper-java-3.5.30/src/c/logger.c:2408:21: [4] (format) _vsntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. count = _vsntprintf( threadMessageBuffer, threadMessageBufferSize, msg, vargs ); data/service-wrapper-java-3.5.30/src/c/logger.c:2410:21: [4] (format) _vsntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. count = _vsntprintf( threadMessageBuffer, threadMessageBufferSize, lpszFmt, vargs ); data/service-wrapper-java-3.5.30/src/c/logger.c:2563:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("Failed to format system error message (Error: %d) (Original Error: 0x%x)"), GetLastError(), errorNum); data/service-wrapper-java-3.5.30/src/c/logger.c:2566:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("System error message is too large to convert (Required size: %d) (Original Error: 0x%x)"), dwRet, errorNum); data/service-wrapper-java-3.5.30/src/c/logger.c:2569:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("%s (0x%x)"), lpszTemp, errorNum); data/service-wrapper-java-3.5.30/src/c/logger.c:2582:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("System error message could not be decoded (Error 0x%x)"), errorNum); data/service-wrapper-java-3.5.30/src/c/logger.c:2584:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("System error message too large to convert (Require size: %d) (Original Error: 0x%x)"), req, errorNum); data/service-wrapper-java-3.5.30/src/c/logger.c:2663:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf( regPath, 1024, TEXT("SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Application\\%s"), loginfoSourceName ); data/service-wrapper-java-3.5.30/src/c/logger.c:2716:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf( regPath, 1024, TEXT("SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Application\\%s"), loginfoSourceName ); data/service-wrapper-java-3.5.30/src/c/logger.c:2772:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf( regPath, 1024, TEXT("SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Application\\%s"), loginfoSourceName ); data/service-wrapper-java-3.5.30/src/c/logger.c:2817:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf( header, 16, TEXT("wrapperm") ); data/service-wrapper-java-3.5.30/src/c/logger.c:2819:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf( header, 16, TEXT("wrapper") ); data/service-wrapper-java-3.5.30/src/c/logger.c:2822:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf( header, 16, TEXT("wrapper") ); data/service-wrapper-java-3.5.30/src/c/logger.c:2827:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf( header, 16, TEXT("wrapperp") ); data/service-wrapper-java-3.5.30/src/c/logger.c:2831:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf( header, 16, TEXT("jvm %d"), source_id ); data/service-wrapper-java-3.5.30/src/c/logger.c:3042:19: [4] (format) _vsntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. while ((cnt = _vsntprintf(vWriteToConsoleBuffer, vWriteToConsoleBufferSize - 1, lpszFmt, vargs)) < 0) { data/service-wrapper-java-3.5.30/src/c/logger.c:3275:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(rollNum, 11, TEXT("%d"), i); data/service-wrapper-java-3.5.30/src/c/logger.c:3288:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(rollNum, 11, TEXT("%d"), i - 1); data/service-wrapper-java-3.5.30/src/c/logger.c:3737:13: [4] (format) _vsntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. count = _vsntprintf(buffer, QUEUED_BUFFER_SIZE_USABLE, lpszFmt, vargs); data/service-wrapper-java-3.5.30/src/c/logger.c:3752:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, QUEUED_BUFFER_SIZE, TEXT("(Message too long to be logged as a queued message. Please report this.)")); data/service-wrapper-java-3.5.30/src/c/logger_file.c:330:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(files[cnt], _tcslen(dirPart) + _tcslen(fblock.name) + 1, TEXT("%s%s"), dirPart, fblock.name); data/service-wrapper-java-3.5.30/src/c/logger_file.c:387:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(files[cnt], _tcslen(dirPart) + _tcslen(fblock.name) + 1, TEXT("%s%s"), dirPart, fblock.name); data/service-wrapper-java-3.5.30/src/c/loggerjni.c:64:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("Failed to format system error message (Error: %d) (Original Error: 0x%x)"), GetLastError(), errorNum); data/service-wrapper-java-3.5.30/src/c/loggerjni.c:66:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("System error message is too large to convert (Required size: %d) (Original Error: 0x%x)"), dwRet, errorNum); data/service-wrapper-java-3.5.30/src/c/loggerjni.c:69:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("%s (0x%x)"), lpszTemp, errorNum); data/service-wrapper-java-3.5.30/src/c/loggerjni.c:82:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("System error message could not be decoded (Error 0x%x)"), errorNum); data/service-wrapper-java-3.5.30/src/c/loggerjni.c:84:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("System error message too large to convert (Require size: %d) (Original Error: 0x%x)"), req, errorNum); data/service-wrapper-java-3.5.30/src/c/property.c:209:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(generateValueBuffer, 256, TEXT("%04d%02d%02d%02d%02d%02d"), data/service-wrapper-java-3.5.30/src/c/property.c:213:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(generateValueBuffer, 256, TEXT("%04d%02d%02d_%02d%02d%02d"), data/service-wrapper-java-3.5.30/src/c/property.c:217:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(generateValueBuffer, 256, TEXT("%04d%02d%02d%02d%02d"), data/service-wrapper-java-3.5.30/src/c/property.c:221:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(generateValueBuffer, 256, TEXT("%04d%02d%02d%02d"), data/service-wrapper-java-3.5.30/src/c/property.c:225:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(generateValueBuffer, 256, TEXT("%04d%02d%02d"), data/service-wrapper-java-3.5.30/src/c/property.c:228:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(generateValueBuffer, 256, TEXT("{INVALID}")); data/service-wrapper-java-3.5.30/src/c/property.c:241:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(generateValueBuffer, 256, TEXT("%01d"), rand() % 10); data/service-wrapper-java-3.5.30/src/c/property.c:243:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(generateValueBuffer, 256, TEXT("%02d"), rand() % 100); data/service-wrapper-java-3.5.30/src/c/property.c:245:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(generateValueBuffer, 256, TEXT("%03d"), rand() % 1000); data/service-wrapper-java-3.5.30/src/c/property.c:247:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(generateValueBuffer, 256, TEXT("%04d"), rand() % 10000); data/service-wrapper-java-3.5.30/src/c/property.c:249:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(generateValueBuffer, 256, TEXT("%04d%01d"), rand() % 10000, rand() % 10); data/service-wrapper-java-3.5.30/src/c/property.c:251:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(generateValueBuffer, 256, TEXT("%04d%02d"), rand() % 10000, rand() % 100); data/service-wrapper-java-3.5.30/src/c/property.c:253:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(generateValueBuffer, 256, TEXT("{INVALID}")); data/service-wrapper-java-3.5.30/src/c/property.c:727:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(envBuf, len, TEXT("%s="), name); data/service-wrapper-java-3.5.30/src/c/property.c:743:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(envBuf, len, TEXT("%s="), name); data/service-wrapper-java-3.5.30/src/c/property.c:778:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(envBuf, len, TEXT("%s=%s"), name, value); data/service-wrapper-java-3.5.30/src/c/property.c:795:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(envBuf, len, TEXT("%s=%s"), name, value); data/service-wrapper-java-3.5.30/src/c/property.c:861:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(nameCopy, len, TEXT("%s"), name); data/service-wrapper-java-3.5.30/src/c/property.c:1655:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, 16, TEXT("%d"), defaultValue); data/service-wrapper-java-3.5.30/src/c/test_filter.c:51:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tsFLTR_workBuffer, TSFLTR_WORK_BUFFER_LEN, TEXT("wrapperGetMinimumTextLengthForPattern(\"%s\") returned %d rather than expected %d."), pattern, minLen, expectedMinLen); data/service-wrapper-java-3.5.30/src/c/test_filter.c:55:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tsFLTR_workBuffer, TSFLTR_WORK_BUFFER_LEN, TEXT("wrapperGetMinimumTextLengthForPattern(\"%s\") returned %d."), pattern, minLen); data/service-wrapper-java-3.5.30/src/c/test_filter.c:61:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tsFLTR_workBuffer, TSFLTR_WORK_BUFFER_LEN, TEXT("wrapperWildcardMatch(\"%s\", \"%s\", %d) returned %s rather than expected %s."), data/service-wrapper-java-3.5.30/src/c/test_filter.c:66:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tsFLTR_workBuffer, TSFLTR_WORK_BUFFER_LEN, TEXT("wrapperWildcardMatch(\"%s\", \"%s\", %d) returned %s."), data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:95:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tailStr, 32, TEXT("-%d"), tail); data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:194:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tsHASH_workBuffer, TSHASH_WORK_BUFFER_LEN, TEXT("hashMapGetKWVW(map, \"%s\") returned \"%s\" rather than expected \"%s\"."), keys[i], value, values[i]); data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:198:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tsHASH_workBuffer, TSHASH_WORK_BUFFER_LEN, TEXT("hashMapGetKWVW(map, \"%s\") returned \"%s\" as expected."), keys[i], value); data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:202:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tsHASH_workBuffer, TSHASH_WORK_BUFFER_LEN, TEXT("hashMapGetKWVW(map, \"%s\") returned NULL rather than expected \"%s\"."), keys[i], values[i]); data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:211:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tsHASH_workBuffer, TSHASH_WORK_BUFFER_LEN, TEXT("hashMapGetKWVW(map, \"$\") returned \"%s\" rather than expected NULL."), value); data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:215:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tsHASH_workBuffer, TSHASH_WORK_BUFFER_LEN, TEXT("hashMapGetKWVW(map, \"$\") returned NULL as expected.")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:277:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(confDirTemp, 2, TEXT("%c"), pathSep); data/service-wrapper-java-3.5.30/src/c/wrapper.c:336:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_LANG=en")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:339:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_LANG=%.2s"), langTemp); data/service-wrapper-java-3.5.30/src/c/wrapper.c:341:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_LANG=%.2S"), langTemp); data/service-wrapper-java-3.5.30/src/c/wrapper.c:351:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_PID=%d"), wrapperData->wrapperPID); data/service-wrapper-java-3.5.30/src/c/wrapper.c:354:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_BITS=%s"), wrapperBits); data/service-wrapper-java-3.5.30/src/c/wrapper.c:357:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_ARCH=%s"), wrapperArch); data/service-wrapper-java-3.5.30/src/c/wrapper.c:360:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_OS=%s"), wrapperOS); data/service-wrapper-java-3.5.30/src/c/wrapper.c:363:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_HOSTNAME=%s"), wrapperData->hostName); data/service-wrapper-java-3.5.30/src/c/wrapper.c:366:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_HOST_NAME=%s"), wrapperData->hostName); data/service-wrapper-java-3.5.30/src/c/wrapper.c:458:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(pair, len + 1, TEXT("%s"), sourcePair); data/service-wrapper-java-3.5.30/src/c/wrapper.c:905:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(wrapperData->configFile, PATH_MAX + 1, TEXT("%s"), wrapperData->argConfFile); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1162:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(pipeName, pipeNameLen, TEXT("\\\\.\\pipe\\wrapper-%d-%d-out"), wrapperData->wrapperPID, wrapperData->jvmRestarts + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1174:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(pipeName, pipeNameLen, TEXT("/tmp/wrapper-%d-%d-out"), wrapperData->wrapperPID, wrapperData->jvmRestarts + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1187:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(pipeName, pipeNameLen, TEXT("\\\\.\\pipe\\wrapper-%d-%d-in"), wrapperData->wrapperPID, wrapperData->jvmRestarts + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1199:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(pipeName, pipeNameLen, TEXT("/tmp/wrapper-%d-%d-in"), wrapperData->wrapperPID, wrapperData->jvmRestarts + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1640:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(pipeName, pipeNameLen, TEXT("/tmp/wrapper-%d-%d-out"), wrapperData->wrapperPID, wrapperData->jvmRestarts); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1648:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(pipeName, pipeNameLen, TEXT("/tmp/wrapper-%d-%d-in"), wrapperData->wrapperPID, wrapperData->jvmRestarts); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1867:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(pipeName, pipeNameLen, TEXT("/tmp/wrapper-%d-%d-in"), wrapperData->wrapperPID, wrapperData->jvmRestarts); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1869:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(pipeName, pipeNameLen, TEXT("/tmp/wrapper-%d-%d-out"), wrapperData->wrapperPID, wrapperData->jvmRestarts); data/service-wrapper-java-3.5.30/src/c/wrapper.c:2030:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(unknownBuffer, 14, TEXT("UNKNOWN(%d)"), code); data/service-wrapper-java-3.5.30/src/c/wrapper.c:2197:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(logMsgW, len, messageTemplate, (messageMB ? strlen(messageMB) : 0)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:2808:20: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. return _sntprintf( *pBuffer, printSize, TEXT("%*d"), jPidSize, wrapperData->javaPID); data/service-wrapper-java-3.5.30/src/c/wrapper.c:2810:20: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. return _sntprintf( *pBuffer, printSize, TEXT("-----")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:2815:16: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. return _sntprintf( *pBuffer, printSize, TEXT("%*d"), wPidSize, wrapperData->wrapperPID); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3263:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, len, banner, product, wrapperBits, wrapperVersionRoot, copyright); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3430:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(wrapperData->argConfFile, _tcslen(argConfFileBase) + 5 + 1, TEXT("%s.conf"), argConfFileBase); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3466:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(wrapperData->argConfFile, _tcslen(argConfFileBase) + 5 + 1, TEXT("%s.conf"), argConfFileBase); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3509:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(propertyName, 32, TEXT("wrapper.filter.action.%d"), actionPropertyIndex); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3512:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(propertyName, 32, TEXT("wrapper.ping.timeout.action")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3515:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(propertyName, 32, TEXT("")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3728:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(&(tempCommand[index]), commandLen2 + 1 - index, TEXT("FILL-%d-"), fillerLen); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4149:17: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(TEXT("Log: [%S]\n"), wrapperChildWorkBuffer + loggedOffset); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4151:17: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(TEXT("Log: [%s]\n"), wrapperChildWorkBuffer + loggedOffset); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4183:21: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(TEXT("Defer Log: [%S]\n"), wrapperChildWorkBuffer + loggedOffset); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4185:21: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(TEXT("Defer Log: [%s]\n"), wrapperChildWorkBuffer + loggedOffset); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4202:21: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(TEXT("Log: [%S]\n"), wrapperChildWorkBuffer + loggedOffset); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4204:21: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(TEXT("Log: [%s]\n"), wrapperChildWorkBuffer + loggedOffset); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4733:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buf, 80, TEXT(" (build %d)"), osvi.dwBuildNumber); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5173:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(msgBuffer, 10, TEXT("%d"), actionSourceCode); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5232:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(msgBuffer, 10, TEXT("%d"), actionSourceCode); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5247:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(msgBuffer, 10, TEXT("%d"), actionSourceCode); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5751:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(cpPath, 512, TEXT("%s"), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5759:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(cpPath, 512, TEXT("%s.exe"), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5776:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], _tcslen(cpPath) + 2 + 1, TEXT("\"%s\""), cpPath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5778:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], _tcslen(cpPath) + 2 + 1, TEXT("%s"), cpPath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5787:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("\"%s\""), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5789:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("%s"), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5805:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("\"%s\""), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5807:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("%s"), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5880:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(paramBuffer2, 128, TEXT("wrapper.java.additional.%lu.stripquotes"), propertyIndices[i]); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5920:29: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], _tcslen(propStripped) + 1, TEXT("%s"), propStripped); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6123:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(prop, 256, TEXT("%s.stripquotes"), parameterName); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6206:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=\"%s%c%s\\\""), prop, wrapperClasspathSeparator, systemPath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6208:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=\"%s%c%s\""), prop, wrapperClasspathSeparator, systemPath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6211:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=%s%c%s"), prop, wrapperClasspathSeparator, systemPath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6221:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 22 + _tcslen(prop) + 1 + 1, TEXT("-Djava.library.path=\"%s\\\""), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6223:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 22 + _tcslen(prop) + 1 + 1, TEXT("-Djava.library.path=\"%s\""), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6226:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 22 + _tcslen(prop) + 1 + 1, TEXT("-Djava.library.path=%s"), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6249:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(&(strings[index][cpLen]), cpLenAlloc - cpLen, TEXT("-Djava.library.path=")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6254:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(&(strings[index][cpLen]), cpLenAlloc - cpLen, TEXT("\"")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6291:29: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], cpLenAlloc, TEXT("%s"), tmpString); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6299:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(&(strings[index][cpLen]), cpLenAlloc - cpLen, TEXT("%s"), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6325:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], cpLenAlloc, TEXT("%s"), tmpString); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6333:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(&(strings[index][cpLen]), cpLenAlloc - cpLen, TEXT("%s"), systemPath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6341:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(&(strings[index][cpLen]), cpLenAlloc - cpLen, TEXT("./")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6350:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(&(strings[index][cpLen]), cpLenAlloc - cpLen, TEXT("\\")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6353:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(&(strings[index][cpLen]), cpLenAlloc - cpLen, TEXT("\"")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6472:29: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(*classpath, cpLenAlloc, TEXT("%s"), tmpString); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6481:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(&((*classpath)[cpLen]), cpLenAlloc - cpLen, TEXT("%s"), files[cnt]); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6542:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(*classpath, cpLenAlloc, TEXT("%s"), tmpString); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6551:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(&((*classpath)[cpLen]), cpLenAlloc - cpLen, TEXT("%s"), propStripped); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6568:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(&(*classpath[cpLen]), cpLenAlloc - cpLen, TEXT("./")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6592:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 10 + 1, TEXT("-classpath")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6607:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(&(strings[index][cpLen]), len + 4 - cpLen, TEXT("\"")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6611:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(&(strings[index][cpLen]), len + 4 - cpLen, TEXT("%s"), classpath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6620:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(&(strings[index][cpLen]), len + 4 - cpLen, TEXT("\\")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6623:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(&(strings[index][cpLen]), len + 4 - cpLen, TEXT("\"")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6670:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(paramBuffer2, 128, TEXT("wrapper.app.parameter.%lu.stripquotes"), propertyIndices[i]); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6710:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], _tcslen(propStripped) + 1, TEXT("%s"), propStripped); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6747:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], _tcslen(wrapperData->javaArgValues[i]) + 1, TEXT("%s"), wrapperData->javaArgValues[i]); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6812:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 5, TEXT("-d%s"), wrapperBits); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6838:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 5 + 10 + 1, TEXT("-Xms%dm"), initMemory); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6856:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 5 + 10 + 1, TEXT("-Xmx%dm"), maxMemory); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6881:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 16 + _tcslen(wrapperData->key) + 1, TEXT("-Dwrapper.key=\"%s\""), wrapperData->key); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6883:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 16 + _tcslen(wrapperData->key) + 1, TEXT("-Dwrapper.key=%s"), wrapperData->key); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6896:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 22 + 1, TEXT("-Dwrapper.backend=pipe")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6909:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 29 + 1, TEXT("-Dwrapper.backend=socket_ipv6")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6920:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 35 + 1, TEXT("-Djava.net.preferIPv6Addresses=TRUE")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6932:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 15 + 5 + 1, TEXT("-Dwrapper.port=%d"), (int)wrapperData->actualPort); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6946:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], _tcslen(TEXT("-Dwrapper.port.address=")) + _tcslen(wrapperData->portAddress) + 1, TEXT("-Dwrapper.port.address=%s"), wrapperData->portAddress); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6958:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 19 + 5 + 1, TEXT("-Dwrapper.jvm.port=%d"), wrapperData->jvmPort); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6969:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 23 + 5 + 1, TEXT("-Dwrapper.jvm.port.min=%d"), wrapperData->jvmPortMin); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6979:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 23 + 5 + 1, TEXT("-Dwrapper.jvm.port.max=%d"), wrapperData->jvmPortMax); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6992:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 22 + 1, TEXT("-Dwrapper.debug=\"TRUE\"")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6994:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 22 + 1, TEXT("-Dwrapper.debug=TRUE")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7015:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 38 + 1, TEXT("-Dwrapper.disable_console_input=\"TRUE\"")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7017:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 38 + 1, TEXT("-Dwrapper.disable_console_input=TRUE")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7032:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 38 + 1, TEXT("-Dwrapper.listener.force_stop=\"TRUE\"")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7034:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 38 + 1, TEXT("-Dwrapper.listener.force_stop=TRUE")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7048:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 24 + 1, TEXT("-Dwrapper.pid=%ld"), wrapperData->wrapperPID); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7050:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 24 + 1, TEXT("-Dwrapper.pid=%d"), wrapperData->wrapperPID); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7064:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 32 + 1, TEXT("-Dwrapper.use_system_time=\"TRUE\"")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7066:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 32 + 1, TEXT("-Dwrapper.use_system_time=TRUE")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7081:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 43 + 1, TEXT("-Dwrapper.timer_fast_threshold=\"%d\""), wrapperData->timerFastThreshold * WRAPPER_TICK_MS / 1000); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7083:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 43 + 1, TEXT("-Dwrapper.timer_fast_threshold=%d"), wrapperData->timerFastThreshold * WRAPPER_TICK_MS / 1000); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7096:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 43 + 1, TEXT("-Dwrapper.timer_slow_threshold=\"%d\""), wrapperData->timerSlowThreshold * WRAPPER_TICK_MS / 1000); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7098:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 43 + 1, TEXT("-Dwrapper.timer_slow_threshold=%d"), wrapperData->timerSlowThreshold * WRAPPER_TICK_MS / 1000); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7114:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 20 + _tcslen(wrapperVersion) + 1, TEXT("-Dwrapper.version=\"%s\""), wrapperVersion); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7116:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 20 + _tcslen(wrapperVersion) + 1, TEXT("-Dwrapper.version=%s"), wrapperVersion); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7129:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 27 + _tcslen(wrapperData->nativeLibrary) + 1, TEXT("-Dwrapper.native_library=\"%s\""), wrapperData->nativeLibrary); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7131:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 27 + _tcslen(wrapperData->nativeLibrary) + 1, TEXT("-Dwrapper.native_library=%s"), wrapperData->nativeLibrary); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7144:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 17 + _tcslen(wrapperArch) + 1, TEXT("-Dwrapper.arch=\"%s\""), wrapperArch); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7146:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 17 + _tcslen(wrapperArch) + 1, TEXT("-Dwrapper.arch=%s"), wrapperArch); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7160:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 31 + 1, TEXT("-Dwrapper.ignore_signals=\"TRUE\"")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7162:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 31 + 1, TEXT("-Dwrapper.ignore_signals=TRUE")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7177:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 24 + 1, TEXT("-Dwrapper.service=\"TRUE\"")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7179:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 24 + 1, TEXT("-Dwrapper.service=TRUE")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7194:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 30 + 1, TEXT("-Dwrapper.disable_tests=\"TRUE\"")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7196:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 30 + 1, TEXT("-Dwrapper.disable_tests=TRUE")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7211:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 38 + 1, TEXT("-Dwrapper.disable_shutdown_hook=\"TRUE\"")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7213:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 38 + 1, TEXT("-Dwrapper.disable_shutdown_hook=TRUE")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7228:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 24 + 20 + 1, TEXT("-Dwrapper.cpu.timeout=\"%d\""), wrapperData->cpuTimeout); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7230:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 24 + 20 + 1, TEXT("-Dwrapper.cpu.timeout=%d"), wrapperData->cpuTimeout); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7243:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.outfile=\"%s\""), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7245:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.outfile=%s"), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7259:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.errfile=\"%s\""), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7261:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.errfile=%s"), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7274:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 16 + 5 + 1, TEXT("-Dwrapper.jvmid=%d"), (wrapperData->jvmRestarts + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7288:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 30 + 1, TEXT("-Dwrapper.detachStarted=\"TRUE\"")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7290:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], 30 + 1, TEXT("-Dwrapper.detachStarted=TRUE")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7309:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strings[index], _tcslen(prop) + 1, TEXT("%s"), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:8162:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(propName, 256, TEXT("wrapper.filter.action.%lu"), propertyIndices[i]); data/service-wrapper-java-3.5.30/src/c/wrapper.c:8167:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(propName, 256, TEXT("wrapper.filter.message.%lu"), propertyIndices[i]); data/service-wrapper-java-3.5.30/src/c/wrapper.c:8172:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(propName, 256, TEXT("wrapper.filter.allow_wildcards.%lu"), propertyIndices[i]); data/service-wrapper-java-3.5.30/src/c/wrapper.c:8606:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(propName, 256, TEXT("wrapper.console.title.%s"), wrapperOS); data/service-wrapper-java-3.5.30/src/c/wrapper.c:9034:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, 11, TEXT("%d"), getLowLogLevel()); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:89:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(*outputBufferW, errorTemplateLen, TEXT("%s"), errorTemplate); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:99:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(*outputBufferW, errorTemplateLen, errorTemplate, GetLastError()); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:175:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(*outputBufferW, errorTemplateLen, errorTemplate, multiByteEncoding, interumEncoding); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:185:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(*outputBufferW, errorTemplateLen, errorTemplate, errno); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:243:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(*outputBufferW, errorTemplateLen, errorTemplate); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:255:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(*outputBufferW, errorTemplateLen, errorTemplate); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:273:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(*outputBufferW, errorTemplateLen, errorTemplate, errno); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:289:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(*outputBufferW, errorTemplateLen, errorTemplate, errno); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:316:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(*outputBufferW, errorTemplateLen, errorTemplate, errno); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:492:13: [4] (format) vwprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. i = vwprintf(msg, args); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:502:5: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. int _ftprintf(FILE *stream, const wchar_t *fmt, ...) { data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:525:13: [4] (format) vfwprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. i = vfwprintf(stream, msg, args); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:535:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int _sntprintf(TCHAR *str, size_t size, const TCHAR *fmt, ...) { data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:558:13: [4] (format) vswprintf: Potential format string problem (CWE-134). Make format string constant. i = vswprintf(str, size, msg, args); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:820:17: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. i = execvp(cArg, cCmd); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:856:5: [4] (format) _vsntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int _vsntprintf(wchar_t *ws, size_t n, const wchar_t *format, va_list arg) { data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:861:12: [4] (format) vswprintf: Potential format string problem (CWE-134). Make format string constant. return vswprintf(ws, n, format, arg); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:22:11: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #ifdef _sntprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:23:12: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #undef _sntprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:167:12: [4] (format) _vsntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. extern int _vsntprintf(wchar_t *ws, size_t n, const wchar_t *format, va_list arg); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:169:9: [4] (format) _vsntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define _vsntprintf vswprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:169:23: [4] (buffer) vswprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define _vsntprintf vswprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:184:9: [4] (buffer) _ftscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. #define _ftscanf fwscanf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:184:23: [4] (buffer) fwscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. #define _ftscanf fwscanf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:219:9: [4] (buffer) _tscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. #define _tscanf wscanf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:219:23: [4] (buffer) wscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. #define _tscanf wscanf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:221:12: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. extern int _sntprintf(TCHAR *str, size_t size, const TCHAR *format, ...); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:222:9: [4] (buffer) _stprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define _stprintf _sntprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:222:23: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define _stprintf _sntprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:223:12: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. extern int _ftprintf(FILE *stream, const wchar_t *format, ...); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:225:9: [4] (buffer) _tcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). #define _tcscat wcscat data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:225:23: [4] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). #define _tcscat wcscat data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:229:9: [4] (buffer) _tcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. #define _tcscpy wcscpy data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:229:23: [4] (buffer) wcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. #define _tcscpy wcscpy data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:255:9: [4] (format) _vftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define _vftprintf vfwprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:255:23: [4] (format) vfwprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define _vftprintf vfwprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:256:9: [4] (format) _vtprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define _vtprintf vwprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:256:23: [4] (format) vwprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define _vtprintf vwprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:257:9: [4] (buffer) _vstprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define _vstprintf vswprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:257:23: [4] (buffer) vswprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define _vstprintf vswprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:281:23: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #define _texecl execl data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:282:23: [4] (shell) execle: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #define _texecle execle data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:283:23: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #define _texeclp execlp data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:285:23: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #define _texecv execv data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:287:23: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #define _texecvp execvp data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:315:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define _sntprintf _snprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:315:23: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define _sntprintf _snprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:368:9: [4] (format) _vsntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define _vsntprintf vsnprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:368:23: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define _vsntprintf vsnprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:379:9: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define _ftprintf fprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:379:23: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define _ftprintf fprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:383:9: [4] (buffer) _ftscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. #define _ftscanf fscanf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:383:23: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. #define _ftscanf fscanf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:405:23: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define _tprintf printf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:411:9: [4] (buffer) _tscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. #define _tscanf scanf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:411:23: [4] (buffer) scanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. #define _tscanf scanf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:413:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define _sntprintf snprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:413:23: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define _sntprintf snprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:414:23: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. #define _stscanf sscanf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:415:9: [4] (buffer) _tcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). #define _tcscat strcat data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:415:23: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). #define _tcscat strcat data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:419:9: [4] (buffer) _tcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. #define _tcscpy strcpy data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:419:23: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). #define _tcscpy strcpy data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:440:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #define _tsystem system data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:445:9: [4] (format) _vftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define _vftprintf vfprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:445:23: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define _vftprintf vfprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:446:9: [4] (format) _vtprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define _vtprintf vprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:446:23: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define _vtprintf vprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:447:9: [4] (buffer) _vstprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define _vstprintf vsprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:447:23: [4] (buffer) vsprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define _vstprintf vsprintf data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:449:23: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. #define _tsyslog syslog data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:192:9: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. _ftprintf(pid_fp, TEXT("%d\n"), (int)pid); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:477:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(uName, MAX_USER_NAME_LENGTH + 1, TEXT("<unknown>")); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:480:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(uName, MAX_USER_NAME_LENGTH + 1, TEXT("%s"), pw->pw_name); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:770:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(TEXT("Waiting for javaIO thread to stop.\n")); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:922:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(TEXT("Waiting for timer thread to stop.\n")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:325:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(mutexName, 30 + _tcslen(wrapperData->serviceName) + 1, TEXT("Global\\Java Service Wrapper - %s"), wrapperData->serviceName); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:445:9: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. _ftprintf(pid_fp, TEXT("%d\n"), pid); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:640:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(wrapperData->jvmVersionCommand, commandLen, TEXT("%s -version"), strings[0]); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:664:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(wrapperData->jvmCommand + commandLen, commandLen2 - commandLen, TEXT("%s"), strings[i]); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:758:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(hexPosi, 9, TEXT("%04x%04x"), workarea.bottom, workarea.right); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1035:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(TEXT("Waiting for %s thread to stop.\n"), TEXT("Startup")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1133:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(TEXT("Waiting for %s thread to stop.\n"), TEXT("JavaIO")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1269:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(TEXT("Waiting for timer thread to stop.\n")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1481:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(titleBuffer, 80, TEXT("Wrapper Console Id %d-%d (Do not close)"), wrapperData->wrapperPID, rand()); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1996:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(titleBuffer, 80, TEXT("Wrapper Controlled JVM Console Id %d-%d (Do not close)"), wrapperData->wrapperPID, rand()); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:2717:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, 11, TEXT("%d"), ctrlCodeLast); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4067:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(domain, dsize, TEXT("%s"), wrapperData->domainName); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4079:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(account, dsize, TEXT("%s"), wrapperData->userName); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4090:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(tempAccount, _tcslen(domain) + _tcslen(account) + 2, TEXT("%s\\%s"), domain, account); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4160:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(regPath, 1024, TEXT("SYSTEM\\CurrentControlSet\\Services\\%s"), wrapperData->serviceName); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4312:29: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(newVal, _tcslen(oldVal) + 1 + _tcslen(value) + 1, TEXT("%s;%s"), oldVal, value); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5820:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(exName, 64, TEXT("Unknown Exception (%ld)"), exCode); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5856:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(curDir, MAX_PATH, TEXT(".")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5861:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(dumpFile, MAX_PATH, TEXT("wrapper-%s-%s-%s-%s-%04d%02d%02d%02d%02d%02d-%ld-%ld.dmp"), data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5904:9: [4] (buffer) lstrcpyW: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). lstrcpyW(outputString, inputString); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6120:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(serialNr + (n * 3) , serialNrLength - (n * 3), TEXT("%02x "), pCertContext->pCertInfo->SerialNumber.pbData[dwData - (n + 1)]); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6187:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Serial Number: ")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6188:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n %s\n"), serialNr); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6189:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Issuer Name: %s"), szName1); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6191:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Subject Name: %s"), szName2); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6367:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Program Name : %s"), data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6372:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Publisher Link : %s"), data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6378:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" MoreInfo Link : %s"), data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6383:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Signer Certificate:")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6384:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n%s\n"), string1); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6386:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" TimeStamp Certificate:")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6387:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n%s\n"), string2); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6390:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Date of TimeStamp : %04d/%02d/%02d %02d:%02d"), data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7257:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strNamedPipeNameIn, len, TEXT("\\\\.\\pipe\\%sINN"), pipeBaseName); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7265:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strNamedPipeNameOut, len, TEXT("\\\\.\\pipe\\%sOUT"), pipeBaseName); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7274:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strNamedPipeNameErr, len, TEXT("\\\\.\\pipe\\%sERR"), pipeBaseName); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7300:25: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. _ftprintf(stderr, TEXT("12345\n"));fflush(NULL); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7301:25: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. _ftprintf(stderr, TEXT("1234567890\n"));fflush(NULL); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7302:25: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. _ftprintf(stdout, TEXT("12345\n"));fflush(NULL); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7303:25: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. _ftprintf(stdout, TEXT("1234567890\n"));fflush(NULL); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7350:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strNamedPipeNameIn, len, TEXT("\\\\.\\pipe\\%sINN"), namedPipeName); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7358:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strNamedPipeNameOut, len, TEXT("\\\\.\\pipe\\%sOUT"), namedPipeName); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7367:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strNamedPipeNameErr, len, TEXT("\\\\.\\pipe\\%sERR"), namedPipeName); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7502:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(strNamedPipeName, 11, TEXT("%05d%05d"), rand() % 100000, rand() % 100000); data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:186:13: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. _ftprintf(fp, TEXT("%s\n"), state); data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:615:45: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, MAX_COMMAND_LENGTH, TEXT("%d"), getLowLogLevel()); data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:1066:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(onExitParamBuffer, 16 + 10 + 1, TEXT("wrapper.on_exit.%d"), wrapperData->exitCode); data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:1127:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(onExitParamBuffer, 16 + 10 + 1, TEXT("wrapper.on_exit.%d"), wrapperData->exitCode); data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:1556:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(protocolMessage, JSTATESTARTED_MESSAGE_MAXLEN, TEXT("ping %08x"), nowTicks); data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:1563:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(protocolMessage, JSTATESTARTED_MESSAGE_MAXLEN, TEXT("silent %08x"), nowTicks); data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:540:9: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. _ftprintf(stderr, TEXT("WrapperJNI: Redirecting %s to file %s...\n"), TEXT("StdErr"), errfile); fflush(NULL); data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:593:17: [4] (format) _vsntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. count = _vsntprintf(messageBuffer, messageBufferSize, lpszFmt, vargs); data/service-wrapper-java-3.5.30/src/c/wrapperjni_unix.c:186:13: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. _ftprintf(stderr, TEXT("WrapperJNI: Redirecting %s to /dev/null\n"), TEXT("StdErr")); fflush(NULL); data/service-wrapper-java-3.5.30/src/c/wrapperjni_unix.c:188:17: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. _ftprintf(stderr, TEXT("WrapperJNI: Failed to redirect %s to /dev/null (Err: %s)\n"), TEXT("StdErr"), getLastErrorText()); fflush(NULL); data/service-wrapper-java-3.5.30/src/c/wrapperjni_unix.c:203:9: [4] (format) _ftprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. _ftprintf(stderr, TEXT("WrapperJNI: Failed to open /dev/null (Err: %s)\n"), getLastErrorText()); fflush(NULL); data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:172:5: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(explorerExe, 1024, TEXT("Explorer.exe")); data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:938:25: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, 512, TEXT("Unable to enumerate the system services: %s"), data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:949:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, 512, TEXT("Unable to enumerate the system services: %s"), data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:996:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, 512, TEXT("Unable to locate class org.tanukisoftware.wrapper.WrapperWin32Service")); data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1009:9: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, 512, TEXT("Unable to open the Windows service control manager database: %s"), data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1066:17: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, 512, TEXT("Illegal Control code specified: %d"), controlCode); data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1080:29: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferSize, TEXT("Unable to start service \"%s\": %s"), serviceName, getLastErrorText()); data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1097:37: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferSize, TEXT("Unable to query status of service \"%s\": %s"), serviceName, getLastErrorText()); data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1103:33: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferSize, TEXT("Unable to query status of service \"%s\": %s"), serviceName, getLastErrorText()); data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1118:41: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferSize, TEXT("Unable to obtain the display name of service \"%s\": %s"), serviceName, getLastErrorText()); data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1130:49: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferSize, TEXT("Unable to obtain the display name of service \"%s\": %s"), serviceName, getLastErrorText()); data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1169:21: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferSize, TEXT("Unable to open the service '%s': %s"), serviceName, getLastErrorText()); data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1179:13: [4] (format) _sntprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _sntprintf(buffer, bufferSize, TEXT("Unable to open the Windows service control manager database: %s"), getLastErrorText()); data/service-wrapper-java-3.5.30/src/c/testsuite.c:82:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned)time(NULL)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:2836:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned)time(NULL)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7425:18: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. handle = LoadLibrary(TEXT("ntdll.dll")); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7568:9: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned)time(NULL)); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:658:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. cVal = getenv(cName); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1130:21: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. returnVal = realpath(cFile, resolved); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:339:66: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. #define _trealpathN(fileName, resolvedName, resolvedNameSize) realpath(fileName, resolvedName) data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:386:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. #define _tgetenv getenv data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:441:23: [3] (tmpfile) tmpnam: Temporary file race condition (CWE-377). #define _ttmpnam tmpnam data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:210:21: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. if ((psapiMod = LoadLibrary(TEXT("PSAPI.DLL"))) == NULL) { data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:221:24: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. if ((advapi32Mod = LoadLibrary(TEXT("ADVAPI32.DLL"))) == NULL) { data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1413:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(nowMillis); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1861:9: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if (CreateProcess(NULL, data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1861:9: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if (CreateProcess(NULL, data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:2111:9: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. ret=CreateProcess(NULL, data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:2111:9: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. ret=CreateProcess(NULL, data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5802:26: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. HMODULE dbgHelpDll = LoadLibrary(TEXT("Dbghelp.dll")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7495:9: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned)time(NULL)); data/service-wrapper-java-3.5.30/src/c/wrapperjni_unix.c:404:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("DISPLAY")) { data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1367:23: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. if ((scalingAPI = LoadLibrary(TEXT("Shcore.dll"))) == NULL) { data/service-wrapper-java-3.5.30/src/c/logger.c:149:1: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR confLogFileStopDateStr[20]; data/service-wrapper-java-3.5.30/src/c/logger.c:174:1: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR logFileLastNowDate[9]; data/service-wrapper-java-3.5.30/src/c/logger.c:176:1: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR consoleFormat[32]; data/service-wrapper-java-3.5.30/src/c/logger.c:177:1: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR logfileFormat[32]; data/service-wrapper-java-3.5.30/src/c/logger.c:225:1: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR formatMessages[WRAPPER_THREAD_COUNT][QUEUED_BUFFER_SIZE]; data/service-wrapper-java-3.5.30/src/c/logger.c:230:1: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR queueMessages[WRAPPER_THREAD_COUNT][QUEUE_SIZE][QUEUED_BUFFER_SIZE]; data/service-wrapper-java-3.5.30/src/c/logger.c:1713:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR nowDate[9]; data/service-wrapper-java-3.5.30/src/c/logger.c:1719:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR tempConfLogFileResumeDateStr[20]; data/service-wrapper-java-3.5.30/src/c/logger.c:2097:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR intBuffer[3]; data/service-wrapper-java-3.5.30/src/c/logger.c:2526:1: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR lastErrorTextBufferW[LAST_ERROR_TEXT_BUFFER_SIZE]; data/service-wrapper-java-3.5.30/src/c/logger.c:2638:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR bufferPath[_MAX_PATH]; data/service-wrapper-java-3.5.30/src/c/logger.c:2639:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR bufferKVal[_MAX_PATH]; data/service-wrapper-java-3.5.30/src/c/logger.c:2642:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR regPath[1024]; data/service-wrapper-java-3.5.30/src/c/logger.c:2695:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR buffer[_MAX_PATH]; data/service-wrapper-java-3.5.30/src/c/logger.c:2697:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR regPath[1024]; data/service-wrapper-java-3.5.30/src/c/logger.c:2769:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR regPath[ 1024 ]; data/service-wrapper-java-3.5.30/src/c/logger.c:2787:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR header[16]; data/service-wrapper-java-3.5.30/src/c/logger.c:3241:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR rollNum[11]; data/service-wrapper-java-3.5.30/src/c/logger.c:3447:8: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static TCHAR distroDescription[100]; data/service-wrapper-java-3.5.30/src/c/logger.c:3523:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR versionW[10]; data/service-wrapper-java-3.5.30/src/c/loggerjni.c:34:1: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR lastErrorTextBufferW[LAST_ERROR_TEXT_BUFFER_SIZE]; data/service-wrapper-java-3.5.30/src/c/property.c:199:1: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR generateValueBuffer[256]; data/service-wrapper-java-3.5.30/src/c/property.c:538:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&loadPropertiesTM, nowTM, sizeof(struct tm)); data/service-wrapper-java-3.5.30/src/c/property.c:1316:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR buffer[MAX_PROPERTY_NAME_VALUE_LENGTH]; data/service-wrapper-java-3.5.30/src/c/property.c:1475:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR indexS[11]; data/service-wrapper-java-3.5.30/src/c/property.c:1647:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR buffer[16]; data/service-wrapper-java-3.5.30/src/c/test_filter.c:24:1: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR tsFLTR_workBuffer[TSFLTR_WORK_BUFFER_LEN]; data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:25:1: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR tsHASH_workBuffer[TSHASH_WORK_BUFFER_LEN]; data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:93:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR tailStr[32]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:123:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char packetBufferMB[MAX_LOG_SIZE + 1]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:124:1: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR packetBufferW[MAX_LOG_SIZE + 1]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:182:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR temp[5]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:1231:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(addr4.sin_addr), src, sizeof(addr4.sin_addr)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1239:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(addr6.sin6_addr), src, sizeof(addr6.sin6_addr)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1285:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, &sockaddr_ipv4->sin_addr, sizeof(struct in_addr)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1290:22: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, &sockaddr_ipv6->sin6_addr, sizeof(struct in6_addr)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1679:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char straddr[256] = {0}; data/service-wrapper-java-3.5.30/src/c/wrapper.c:1733:11: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). req = MultiByteToWideChar(CP_OEMCP, 0, straddr, -1, NULL, 0); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1744:5: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_OEMCP, 0, straddr, -1, socketSource, req + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1917:12: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static TCHAR unknownBuffer[14]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:2105:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR buffer[16]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:2469:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR cpBuffer[16]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:2631:15: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). req = MultiByteToWideChar(cp, 0, packetBufferMB, -1, packetBufferW, MAX_LOG_SIZE + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3493:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR propertyName[32]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:3689:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR commandLenBuffer[8]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:3713:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(commandLenBuffer, pos1 + 24, sizeof(TCHAR) * commandLenLen); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3725:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tempCommand, command, (pos1 - command) * sizeof(TCHAR)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3742:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(tempCommand[index]), pos2 + 1, sizeof(TCHAR) * _tcslen(pos2 + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3926:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR buffer[16]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:3935:12: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). size = MultiByteToWideChar(cp, 0, log, -1 , NULL, 0); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3947:5: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(cp, 0, log, -1, tlog, size + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4067:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tempBuffer, wrapperChildWorkBuffer, wrapperChildWorkBufferLen); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4503:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR buf[80]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:4838:15: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). req = MultiByteToWideChar(CP_OEMCP, 0, tzname[0], -1, NULL, 0); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4849:13: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_OEMCP,0, tzname[0], -1, tz1, (int)req + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4850:19: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). req = MultiByteToWideChar(CP_OEMCP, 0, tzname[1], -1, NULL, 0); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4862:17: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_OEMCP,0, tzname[1], -1, tz2, (int)req + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5131:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR msgBuffer[10]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:5185:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR msgBuffer[10]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:5244:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR msgBuffer[10]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:5451:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char head[5]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:5513:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR pth[PATH_MAX + 1]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:5515:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR resolvedPath[PATH_MAX + 1]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:5706:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR cpPath[512]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:5840:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR paramBuffer2[128]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:5959:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR argExpanded[MAX_PROPERTY_VALUE_LENGTH]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:5967:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argTerm, arg, sizeof(TCHAR) * argLen); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6109:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR prop[256]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:6649:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR paramBuffer2[128]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:7835:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostName[80]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:7847:15: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). len = MultiByteToWideChar(CP_OEMCP, 0, hostName, -1, NULL, 0); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7859:9: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_OEMCP,0, hostName, -1, hostName2, len + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:8059:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR propName[256]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:8241:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR propName[256]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:9018:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR buffer[11]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:9463:13: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR *strings[1]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:9470:13: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR *strings[2]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:9478:13: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR *strings[2]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:9486:13: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR *strings[2]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:9495:17: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR *strings[1]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:9503:13: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR *strings[2]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:9515:13: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR *strings[2]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:9523:13: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR *strings[2]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:9531:13: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR *strings[2]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:9539:13: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR *strings[2]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:9549:13: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR *strings[2]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:9557:13: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR *strings[2]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:9565:13: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR *strings[2]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:9573:13: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR *strings[2]; data/service-wrapper-java-3.5.30/src/c/wrapper.h:277:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR key[17]; /* Key which the JVM uses to authorize connections. (16 digits + \0) */ data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:71:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR drive[4]; data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufferMB[MAX_PROPERTY_NAME_VALUE_LENGTH]; data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:114:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR expBuffer[MAX_PROPERTY_NAME_VALUE_LENGTH]; data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:44:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. cA = ((unsigned char *)vA)[i]; data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:45:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. cB = ((unsigned char *)vB)[i]; data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:208:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(keyCopy, key, keySize); data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:215:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(valueCopy, value, valueSize); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:53:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char iconvLibNameMB[128]; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:54:8: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static TCHAR iconvLibNameW[128]; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:82:11: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). req = MultiByteToWideChar(encoding, MB_ERR_INVALID_CHARS, multiByteChars, -1, NULL, 0); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:113:5: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(encoding, MB_ERR_INVALID_CHARS, multiByteChars, -1, *outputBufferW, req + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:703:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(cFile, cMode); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:994:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). r = open(cPath, oflag, mode); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resolved[FILENAME_MAX + 1]; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1111:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resolved[PATH_MAX + 1]; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:64:23: [2] (integer) _wtoi64: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). #define _tstoi64 _wtoi64 data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:65:23: [2] (integer) _wtoi64: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). #define _ttoi64 _wtoi64 data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:173:23: [2] (integer) _wtoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). #define _tstoi _wtoi data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:306:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define _topen open data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:371:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). #define _tstoi atoi data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:372:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). #define _ttoi atoi data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:373:23: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). #define _tstol atol data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:374:23: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). #define _ttol atol data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:378:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define _tfopen fopen data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:438:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR uName[MAX_USER_NAME_LENGTH + 1]; data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1218:13: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR *javaVersionArgv[3]; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:98:8: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static TCHAR *systemPath[SYSTEM_PATH_MAX_LEN]; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:275:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(systemPath[i], lc, sizeof(TCHAR) * len); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:691:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR hexPosi[9]; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1392:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR titleBuffer[80]; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1932:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szPath[_MAX_PATH]; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1935:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR titleBuffer[80]; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:2628:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR buffer[11]; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3433:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR drive[4]; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4025:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR regPath[ 1024 ]; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4026:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR domain[ 1024 ]; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4027:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR account[ 1024 ]; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4519:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR subKey[512]; /* Registry subkey that jvm creates when is installed */ data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4521:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR jreversion[10]; /* Will receive a registry value that has jvm version */ data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4725:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR wrapperFullPath[FILEPATHSIZE] = TEXT(""); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4726:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR logFileFullPath[FILEPATHSIZE] = TEXT(""); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4727:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR defaultLogFileFullPath[FILEPATHSIZE] = TEXT(""); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5794:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR curDir[MAX_PATH]; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5795:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR dumpFile[MAX_PATH]; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6436:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR pwszSourceFile[_MAX_PATH]; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7092:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR inbuf[1024], outbuf[512], errbuf[512], *secret; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7486:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szPath[_MAX_PATH]; data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:454:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR buffer[MAX_COMMAND_LENGTH]; data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:954:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR onExitParamBuffer[16 + 10 + 1]; data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:1514:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR protocolMessage[JSTATESTARTED_MESSAGE_MAXLEN]; data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:309:12: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). size = MultiByteToWideChar(CP_OEMCP, 0, result, -1, NULL, 0); data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:316:5: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_OEMCP, 0, result,-1, tresult, size); data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:394:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(utf8Chars, stringChars, jlen); data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:168:1: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR explorerExe[1024]; data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:247:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR userKeyName[MAX_PATH]; data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:607:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szPath[_MAX_PATH]; data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:906:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR buffer[512]; data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1027:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR buffer[2048]; data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localAddr[128]; data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1204:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char remoteAddr[128]; data/service-wrapper-java-3.5.30/src/c/logger.c:348:21: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t oldLen = _tcslen(oldToken); data/service-wrapper-java-3.5.30/src/c/logger.c:354:18: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newLen = _tcslen(newToken); data/service-wrapper-java-3.5.30/src/c/logger.c:368:17: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(out, newToken, newLen); data/service-wrapper-java-3.5.30/src/c/logger.c:671:18: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = _tcslen(log_file_path); data/service-wrapper-java-3.5.30/src/c/logger.c:692:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(logFilePath, log_file_path, len + 1); data/service-wrapper-java-3.5.30/src/c/logger.c:757:43: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). logFileCopy = malloc(sizeof(TCHAR) * (_tcslen(currentLogFileName) + 1)); data/service-wrapper-java-3.5.30/src/c/logger.c:761:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(logFileCopy, currentLogFileName, _tcslen(currentLogFileName) + 1); data/service-wrapper-java-3.5.30/src/c/logger.c:761:51: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(logFileCopy, currentLogFileName, _tcslen(currentLogFileName) + 1); data/service-wrapper-java-3.5.30/src/c/logger.c:789:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(logFilePath) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:795:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(logFileDir, logFilePath, len); data/service-wrapper-java-3.5.30/src/c/logger.c:806:15: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(logFileDir) + 23 + 1 + 1000; data/service-wrapper-java-3.5.30/src/c/logger.c:874:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(ms * 1000); /* microseconds */ data/service-wrapper-java-3.5.30/src/c/logger.c:933:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy( logfileFormat, log_file_format, 32 ); data/service-wrapper-java-3.5.30/src/c/logger.c:961:51: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmpFileSizeBuff = malloc(sizeof(TCHAR) * (_tcslen( max_file_size ) + 1)); data/service-wrapper-java-3.5.30/src/c/logger.c:970:30: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for( i = 0; i < (int)_tcslen(max_file_size); i++ ) { data/service-wrapper-java-3.5.30/src/c/logger.c:1022:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(pattern); data/service-wrapper-java-3.5.30/src/c/logger.c:1029:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(logFilePurgePattern, pattern, len + 1); data/service-wrapper-java-3.5.30/src/c/logger.c:1165:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy( consoleFormat, console_log_format, 32 ); data/service-wrapper-java-3.5.30/src/c/logger.c:1258:33: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = sizeof(TCHAR) * (_tcslen(event_source_name) + 1); data/service-wrapper-java-3.5.30/src/c/logger.c:1273:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(loginfoSourceName, event_source_name, _tcslen(event_source_name) + 1); data/service-wrapper-java-3.5.30/src/c/logger.c:1273:56: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(loginfoSourceName, event_source_name, _tcslen(event_source_name) + 1); data/service-wrapper-java-3.5.30/src/c/logger.c:1274:13: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (_tcslen(loginfoSourceName) > 32) { data/service-wrapper-java-3.5.30/src/c/logger.c:1279:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(loginfoSourceName) > 32) { data/service-wrapper-java-3.5.30/src/c/logger.c:1350:42: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for( i = 0, numColumns = 0; i < (int)_tcslen( format ); i++ ) { data/service-wrapper-java-3.5.30/src/c/logger.c:1408:25: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *reqSize += _tcslen( message ) + 3; data/service-wrapper-java-3.5.30/src/c/logger.c:1457:64: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for( i = 0, currentColumn = 0, len = 0, temp = 0; i < (int)_tcslen( format ); i++ ) { data/service-wrapper-java-3.5.30/src/c/logger.c:1622:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(buffer, template, _tcslen(logFilePath) + 11); data/service-wrapper-java-3.5.30/src/c/logger.c:1622:32: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(buffer, template, _tcslen(logFilePath) + 11); data/service-wrapper-java-3.5.30/src/c/logger.c:1654:25: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufferLen = _tcslen(buffer); data/service-wrapper-java-3.5.30/src/c/logger.c:1726:25: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (logFilePath && (_tcslen(logFilePath) > 0)) { data/service-wrapper-java-3.5.30/src/c/logger.c:1739:31: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). messageMBMaxLen = _tcslen(message) * sizeof(TCHAR); data/service-wrapper-java-3.5.30/src/c/logger.c:1747:32: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reqSize -= _tcslen(message); data/service-wrapper-java-3.5.30/src/c/logger.c:1748:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reqSize += strlen(messageMB); data/service-wrapper-java-3.5.30/src/c/logger.c:1761:25: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask( logFileUmask ); data/service-wrapper-java-3.5.30/src/c/logger.c:1782:33: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 - 2 - 2 + _tcslen(confLogFileName) + _tcslen(confLogFileStopDateStr) + _tcslen(tempConfLogFileResumeDateStr) + _tcslen(defaultLogFile) + _tcslen(syslogName) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:1782:81: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 - 2 - 2 + _tcslen(confLogFileName) + _tcslen(confLogFileStopDateStr) + _tcslen(tempConfLogFileResumeDateStr) + _tcslen(defaultLogFile) + _tcslen(syslogName) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:1782:108: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 - 2 - 2 + _tcslen(confLogFileName) + _tcslen(confLogFileStopDateStr) + _tcslen(tempConfLogFileResumeDateStr) + _tcslen(defaultLogFile) + _tcslen(syslogName) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:1782:142: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 - 2 - 2 + _tcslen(confLogFileName) + _tcslen(confLogFileStopDateStr) + _tcslen(tempConfLogFileResumeDateStr) + _tcslen(defaultLogFile) + _tcslen(syslogName) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:1782:182: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 - 2 - 2 + _tcslen(confLogFileName) + _tcslen(confLogFileStopDateStr) + _tcslen(tempConfLogFileResumeDateStr) + _tcslen(defaultLogFile) + _tcslen(syslogName) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:1782:208: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 - 2 - 2 + _tcslen(confLogFileName) + _tcslen(confLogFileStopDateStr) + _tcslen(tempConfLogFileResumeDateStr) + _tcslen(defaultLogFile) + _tcslen(syslogName) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:1806:13: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/service-wrapper-java-3.5.30/src/c/logger.c:1811:25: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask( logFileUmask ); data/service-wrapper-java-3.5.30/src/c/logger.c:1846:29: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(confLogFileName, currentLogFileName, confLogFileNameSize); data/service-wrapper-java-3.5.30/src/c/logger.c:1859:37: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 + _tcslen(currentLogFileName) + _tcslen(tempBufferLastErrorText) + _tcslen(defaultLogFile) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:1859:77: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 + _tcslen(currentLogFileName) + _tcslen(tempBufferLastErrorText) + _tcslen(defaultLogFile) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:1859:107: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 + _tcslen(currentLogFileName) + _tcslen(tempBufferLastErrorText) + _tcslen(defaultLogFile) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:1859:142: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 + _tcslen(currentLogFileName) + _tcslen(tempBufferLastErrorText) + _tcslen(defaultLogFile) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:1890:37: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 + _tcslen(currentLogFileName) + _tcslen(tempBufferLastErrorText) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:1890:73: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 + _tcslen(currentLogFileName) + _tcslen(tempBufferLastErrorText) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:1890:103: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 + _tcslen(currentLogFileName) + _tcslen(tempBufferLastErrorText) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:1911:13: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/service-wrapper-java-3.5.30/src/c/logger.c:1925:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(logFileLastNowDate, nowDate, 9); data/service-wrapper-java-3.5.30/src/c/logger.c:2106:63: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((_tcsstr(message, LOG_SPECIAL_MARKER) == message) && (_tcslen(message) >= _tcslen(LOG_SPECIAL_MARKER) + 10)) { data/service-wrapper-java-3.5.30/src/c/logger.c:2106:83: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((_tcsstr(message, LOG_SPECIAL_MARKER) == message) && (_tcslen(message) >= _tcslen(LOG_SPECIAL_MARKER) + 10)) { data/service-wrapper-java-3.5.30/src/c/logger.c:2111:35: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pos = (TCHAR *)(message + _tcslen(LOG_SPECIAL_MARKER) + 1); data/service-wrapper-java-3.5.30/src/c/logger.c:2114:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(intBuffer, pos, 2); data/service-wrapper-java-3.5.30/src/c/logger.c:2120:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(intBuffer, pos, 2); data/service-wrapper-java-3.5.30/src/c/logger.c:2126:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(intBuffer, pos, 2); data/service-wrapper-java-3.5.30/src/c/logger.c:2213:19: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reqSize = _tcslen(LOG_SPECIAL_MARKER) + 1 + 2 + 1 + 2 + 1 + 2 + 1 + _tcslen(message) - _tcslen(LOG_FORK_MARKER) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:2213:77: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reqSize = _tcslen(LOG_SPECIAL_MARKER) + 1 + 2 + 1 + 2 + 1 + 2 + 1 + _tcslen(message) - _tcslen(LOG_FORK_MARKER) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:2213:96: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reqSize = _tcslen(LOG_SPECIAL_MARKER) + 1 + 2 + 1 + 2 + 1 + 2 + 1 + _tcslen(message) - _tcslen(LOG_FORK_MARKER) + 1; data/service-wrapper-java-3.5.30/src/c/logger.c:2217:130: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(printBuffer, reqSize, TEXT("%s|%02d|%02d|%02d|%s"), LOG_SPECIAL_MARKER, source_id, level, threadId, message + _tcslen(LOG_FORK_MARKER)); data/service-wrapper-java-3.5.30/src/c/logger.c:2357:41: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg = malloc(sizeof(wchar_t) * (wcslen(lpszFmt) + 1)); data/service-wrapper-java-3.5.30/src/c/logger.c:2360:17: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (wcslen(lpszFmt) > 0) { data/service-wrapper-java-3.5.30/src/c/logger.c:2361:33: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < _tcslen(lpszFmt); i++){ data/service-wrapper-java-3.5.30/src/c/logger.c:2363:60: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((lpszFmt[i] == TEXT('%')) && (i < _tcslen(lpszFmt)) && (lpszFmt[i + 1] == TEXT('s')) && ((i == 0) || (lpszFmt[i - 1] != TEXT('%')))){ data/service-wrapper-java-3.5.30/src/c/logger.c:2368:17: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg[wcslen(lpszFmt)] = TEXT('\0'); data/service-wrapper-java-3.5.30/src/c/logger.c:2476:47: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). logFileCopy = malloc(sizeof(TCHAR) * (_tcslen(currentLogFileName) + 1)); data/service-wrapper-java-3.5.30/src/c/logger.c:2480:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(logFileCopy, currentLogFileName, _tcslen(currentLogFileName) + 1); data/service-wrapper-java-3.5.30/src/c/logger.c:2480:55: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(logFileCopy, currentLogFileName, _tcslen(currentLogFileName) + 1); data/service-wrapper-java-3.5.30/src/c/logger.c:2723:137: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( RegSetValueEx( hKey, TEXT("EventMessageFile"), (DWORD) 0, (DWORD) REG_SZ, (LPBYTE) buffer, (DWORD)(sizeof(TCHAR) * (_tcslen(buffer) + 1))) != ERROR_SUCCESS ) { data/service-wrapper-java-3.5.30/src/c/logger.c:2729:140: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( RegSetValueEx( hKey, TEXT("CategoryMessageFile"), (DWORD) 0, (DWORD) REG_SZ, (LPBYTE) buffer, (DWORD)(sizeof(TCHAR) * (_tcslen(buffer) + 1))) != ERROR_SUCCESS ) { data/service-wrapper-java-3.5.30/src/c/logger.c:3077:110: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tprintf(TEXT("writeToConsole BufferSize=%d, MessageLen=%d, Message=[%s]\n"), vWriteToConsoleBufferSize, _tcslen(vWriteToConsoleBuffer), vWriteToConsoleBuffer); data/service-wrapper-java-3.5.30/src/c/logger.c:3087:15: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fullLen = _tcslen(vWriteToConsoleBuffer); data/service-wrapper-java-3.5.30/src/c/logger.c:3287:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(currentLogFileName, workLogFileName, _tcslen(logFilePath) + 11); data/service-wrapper-java-3.5.30/src/c/logger.c:3287:55: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(currentLogFileName, workLogFileName, _tcslen(logFilePath) + 11); data/service-wrapper-java-3.5.30/src/c/logger.c:3472:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(distroDescription, centosPattern, 100); data/service-wrapper-java-3.5.30/src/c/logger.c:3475:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(distroDescription, rhelPattern, 100); data/service-wrapper-java-3.5.30/src/c/logger.c:3478:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(distroDescription, fedoraPattern, 100); data/service-wrapper-java-3.5.30/src/c/logger.c:3480:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(distroDescription, amiPattern, 100); data/service-wrapper-java-3.5.30/src/c/logger.c:3482:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(distroDescription, linuxPattern, 100); data/service-wrapper-java-3.5.30/src/c/logger.c:3670:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(formatMessages[threadId], lpszFmt, QUEUED_BUFFER_SIZE); data/service-wrapper-java-3.5.30/src/c/logger.c:3681:15: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = wcslen(format); data/service-wrapper-java-3.5.30/src/c/logger.c:3856:59: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). logFileCopy = malloc(sizeof(TCHAR) * (_tcslen(currentLogFileName) + 1)); data/service-wrapper-java-3.5.30/src/c/logger.c:3860:25: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(logFileCopy, currentLogFileName, _tcslen(currentLogFileName) + 1); data/service-wrapper-java-3.5.30/src/c/logger.c:3860:67: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(logFileCopy, currentLogFileName, _tcslen(currentLogFileName) + 1); data/service-wrapper-java-3.5.30/src/c/logger_file.c:305:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(dirPart, pattern, dirLen); data/service-wrapper-java-3.5.30/src/c/logger_file.c:321:23: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fileLen = _tcslen(fblock.name); data/service-wrapper-java-3.5.30/src/c/logger_file.c:322:34: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). files[cnt] = malloc((_tcslen(dirPart) + _tcslen(fblock.name) + 1) * sizeof(TCHAR)); data/service-wrapper-java-3.5.30/src/c/logger_file.c:322:53: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). files[cnt] = malloc((_tcslen(dirPart) + _tcslen(fblock.name) + 1) * sizeof(TCHAR)); data/service-wrapper-java-3.5.30/src/c/logger_file.c:330:36: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(files[cnt], _tcslen(dirPart) + _tcslen(fblock.name) + 1, TEXT("%s%s"), dirPart, fblock.name); data/service-wrapper-java-3.5.30/src/c/logger_file.c:330:55: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(files[cnt], _tcslen(dirPart) + _tcslen(fblock.name) + 1, TEXT("%s%s"), dirPart, fblock.name); data/service-wrapper-java-3.5.30/src/c/logger_file.c:378:27: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fileLen = _tcslen(fblock.name); data/service-wrapper-java-3.5.30/src/c/logger_file.c:379:38: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). files[cnt] = malloc((_tcslen(dirPart) + _tcslen(fblock.name) + 1) * sizeof(TCHAR)); data/service-wrapper-java-3.5.30/src/c/logger_file.c:379:57: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). files[cnt] = malloc((_tcslen(dirPart) + _tcslen(fblock.name) + 1) * sizeof(TCHAR)); data/service-wrapper-java-3.5.30/src/c/logger_file.c:387:40: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(files[cnt], _tcslen(dirPart) + _tcslen(fblock.name) + 1, TEXT("%s%s"), dirPart, fblock.name); data/service-wrapper-java-3.5.30/src/c/logger_file.c:387:59: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(files[cnt], _tcslen(dirPart) + _tcslen(fblock.name) + 1, TEXT("%s%s"), dirPart, fblock.name); data/service-wrapper-java-3.5.30/src/c/logger_file.c:469:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). files[cnt] = malloc((strlen(g.gl_pathv[findex]) + 1)); data/service-wrapper-java-3.5.30/src/c/logger_file.c:477:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(files[cnt], g.gl_pathv[findex], strlen(g.gl_pathv[findex]) + 1); data/service-wrapper-java-3.5.30/src/c/logger_file.c:477:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(files[cnt], g.gl_pathv[findex], strlen(g.gl_pathv[findex]) + 1); data/service-wrapper-java-3.5.30/src/c/property.c:86:44: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oldValue = malloc(sizeof(TCHAR) * (_tcslen(property->value) + 1)); data/service-wrapper-java-3.5.30/src/c/property.c:90:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(oldValue, property->value, _tcslen(property->value) + 1); data/service-wrapper-java-3.5.30/src/c/property.c:90:49: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(oldValue, property->value, _tcslen(property->value) + 1); data/service-wrapper-java-3.5.30/src/c/property.c:306:17: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(envName, start + 1, len); data/service-wrapper-java-3.5.30/src/c/property.c:333:25: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(out, in, outLen); data/service-wrapper-java-3.5.30/src/c/property.c:339:30: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outLen = _tcslen(envValue); data/service-wrapper-java-3.5.30/src/c/property.c:344:25: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(out, envValue, outLen); data/service-wrapper-java-3.5.30/src/c/property.c:367:25: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(out, in, outLen); data/service-wrapper-java-3.5.30/src/c/property.c:388:32: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outLen = len = _tcslen(in); data/service-wrapper-java-3.5.30/src/c/property.c:393:21: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(out, in, outLen); data/service-wrapper-java-3.5.30/src/c/property.c:404:28: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outLen = len = _tcslen(in); data/service-wrapper-java-3.5.30/src/c/property.c:409:14: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(out, in, outLen); data/service-wrapper-java-3.5.30/src/c/property.c:448:55: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). property->value = malloc(sizeof(TCHAR) * (_tcslen(buffer) + 1)); data/service-wrapper-java-3.5.30/src/c/property.c:454:49: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0, count = 0; i < (int)_tcslen(buffer); i++) { data/service-wrapper-java-3.5.30/src/c/property.c:721:19: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(name) + 1 + 1; data/service-wrapper-java-3.5.30/src/c/property.c:737:19: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(name) + 1 + 1; data/service-wrapper-java-3.5.30/src/c/property.c:768:19: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(name) + 1 + _tcslen(value) + 1; data/service-wrapper-java-3.5.30/src/c/property.c:768:39: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(name) + 1 + _tcslen(value) + 1; data/service-wrapper-java-3.5.30/src/c/property.c:789:19: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(name) + 1 + _tcslen(value) + 1; data/service-wrapper-java-3.5.30/src/c/property.c:789:39: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(name) + 1 + _tcslen(value) + 1; data/service-wrapper-java-3.5.30/src/c/property.c:855:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(name) + 1; data/service-wrapper-java-3.5.30/src/c/property.c:946:19: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nameLen = _tcslen(propertyName); data/service-wrapper-java-3.5.30/src/c/property.c:977:39: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tailLen = _tcslen(pattern) - headLen - 1; data/service-wrapper-java-3.5.30/src/c/property.c:1133:48: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). propertyNameTrim = malloc(sizeof(TCHAR) * (_tcslen(propertyName) + 1)); data/service-wrapper-java-3.5.30/src/c/property.c:1139:50: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). propertyValueTrim = malloc(sizeof(TCHAR) * ( _tcslen(propertyValue) + 1)); data/service-wrapper-java-3.5.30/src/c/property.c:1165:50: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). property->name = malloc(sizeof(TCHAR) * (_tcslen(propertyNameTrim) + 1)); data/service-wrapper-java-3.5.30/src/c/property.c:1173:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(property->name, propertyNameTrim, _tcslen(propertyNameTrim) + 1); data/service-wrapper-java-3.5.30/src/c/property.c:1173:52: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(property->name, propertyNameTrim, _tcslen(propertyNameTrim) + 1); data/service-wrapper-java-3.5.30/src/c/property.c:1263:14: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((_tcslen(property->name) > 12) && (_tcsstr(property->name, TEXT("set.default.")) == property->name)) { data/service-wrapper-java-3.5.30/src/c/property.c:1285:21: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if ((_tcslen(property->name) > 4) && (_tcsstr(property->name, TEXT("set.")) == property->name)) { data/service-wrapper-java-3.5.30/src/c/property.c:1320:9: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (_tcslen(propertyNameValue) + 1 >= MAX_PROPERTY_NAME_VALUE_LENGTH) { data/service-wrapper-java-3.5.30/src/c/property.c:1325:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(buffer, propertyNameValue, MAX_PROPERTY_NAME_VALUE_LENGTH); data/service-wrapper-java-3.5.30/src/c/property.c:1482:15: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). headLen = _tcslen(propertyNameHead); data/service-wrapper-java-3.5.30/src/c/property.c:1483:15: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tailLen = _tcslen(propertyNameTail); data/service-wrapper-java-3.5.30/src/c/property.c:1489:23: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). thisLen = _tcslen(property->name); data/service-wrapper-java-3.5.30/src/c/property.c:1499:21: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(thisHead, property->name, headLen); data/service-wrapper-java-3.5.30/src/c/property.c:1509:29: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(thisTail, property->name + thisLen - tailLen, tailLen + 1); data/service-wrapper-java-3.5.30/src/c/property.c:1519:37: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(indexS, property->name + headLen, indexLen); data/service-wrapper-java-3.5.30/src/c/property.c:1824:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(value); data/service-wrapper-java-3.5.30/src/c/property.c:1865:67: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (_tcsstr(propName, TEXT(".password")) == (propName + ((int)_tcslen(propName) - 9))) { data/service-wrapper-java-3.5.30/src/c/property.c:1951:17: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += _tcslen(property->name); data/service-wrapper-java-3.5.30/src/c/property.c:1953:17: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += _tcslen(property->value); data/service-wrapper-java-3.5.30/src/c/property.c:1986:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(buffer, work, c - work + 1); data/service-wrapper-java-3.5.30/src/c/property.c:1992:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(buffer, work, size - _tcslen(fullBuffer)); data/service-wrapper-java-3.5.30/src/c/property.c:1992:39: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(buffer, work, size - _tcslen(fullBuffer)); data/service-wrapper-java-3.5.30/src/c/property.c:1993:19: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer += _tcslen(work); data/service-wrapper-java-3.5.30/src/c/property.c:2002:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(buffer, work, c - work + 1); data/service-wrapper-java-3.5.30/src/c/property.c:2008:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(buffer, work, size - _tcslen(fullBuffer)); data/service-wrapper-java-3.5.30/src/c/property.c:2008:39: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(buffer, work, size - _tcslen(fullBuffer)); data/service-wrapper-java-3.5.30/src/c/property.c:2009:19: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer += _tcslen(work); data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:61:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). num = _tcslen(tsHASH_randomChars); data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:97:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). num = _tcslen(tsHASH_randomChars); data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:101:20: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strLen = len + _tcslen(tailStr) + 1; data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:111:5: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(str, tailStr, strLen); data/service-wrapper-java-3.5.30/src/c/wrapper.c:187:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy( temp, date, 4 ); data/service-wrapper-java-3.5.30/src/c/wrapper.c:192:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy( temp, date + 4, 2 ); data/service-wrapper-java-3.5.30/src/c/wrapper.c:197:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy( temp, date + 6, 2 ); data/service-wrapper-java-3.5.30/src/c/wrapper.c:202:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy( temp, time, 2 ); data/service-wrapper-java-3.5.30/src/c/wrapper.c:207:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy( temp, time + 2, 2 ); data/service-wrapper-java-3.5.30/src/c/wrapper.c:242:34: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_LANG=")) + 3 + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:243:34: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_PID=")) + 10 + 1); /* 32-bit PID would be max of 10 characters */ data/service-wrapper-java-3.5.30/src/c/wrapper.c:244:34: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_BITS=")) + _tcslen(wrapperBits) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:244:71: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_BITS=")) + _tcslen(wrapperBits) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:245:34: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_ARCH=")) + _tcslen(wrapperArch) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:245:71: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_ARCH=")) + _tcslen(wrapperArch) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:246:34: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_OS=")) + _tcslen(wrapperOS) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:246:69: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_OS=")) + _tcslen(wrapperOS) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:247:34: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_HOSTNAME=")) + _tcslen(wrapperData->hostName) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:247:75: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_HOSTNAME=")) + _tcslen(wrapperData->hostName) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:248:34: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_HOST_NAME=")) + _tcslen(wrapperData->hostName) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:248:76: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_HOST_NAME=")) + _tcslen(wrapperData->hostName) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:270:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(confDirTemp, TEXT("."), 2); data/service-wrapper-java-3.5.30/src/c/wrapper.c:284:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(confDirTemp, wrapperData->argConfFile, pos); data/service-wrapper-java-3.5.30/src/c/wrapper.c:335:32: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((langTemp == NULL) || (_tcslen(langTemp) == 0)) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:405:12: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. TCHAR *equal; data/service-wrapper-java-3.5.30/src/c/wrapper.c:447:19: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(sourcePair); data/service-wrapper-java-3.5.30/src/c/wrapper.c:461:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:463:27: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. value = &(equal[1]); data/service-wrapper-java-3.5.30/src/c/wrapper.c:464:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal[0] = TEXT('\0'); data/service-wrapper-java-3.5.30/src/c/wrapper.c:466:21: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (_tcslen(name) <= 0) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:469:21: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (_tcslen(value) <= 0) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:507:40: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *ptr = malloc(sizeof(TCHAR) * (_tcslen(value) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:512:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(*ptr, value, _tcslen(value) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:512:35: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(*ptr, value, _tcslen(value) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:985:22: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (prop && (_tcslen(prop) > 0)) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:1040:28: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). defaultUMask = umask((mode_t)0); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1041:13: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(defaultUMask); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1045:102: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). wrapperData->javaUmask = getIntProperty(properties, TEXT("wrapper.java.umask"), wrapperData->umask); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1046:108: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). wrapperData->pidFileUmask = getIntProperty(properties, TEXT("wrapper.pidfile.umask"), wrapperData->umask); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1047:110: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). wrapperData->lockFileUmask = getIntProperty(properties, TEXT("wrapper.lockfile.umask"), wrapperData->umask); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1048:117: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). wrapperData->javaPidFileUmask = getIntProperty(properties, TEXT("wrapper.java.pidfile.umask"), wrapperData->umask); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1049:115: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). wrapperData->javaIdFileUmask = getIntProperty(properties, TEXT("wrapper.java.idfile.umask"), wrapperData->umask); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1050:114: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). wrapperData->statusFileUmask = getIntProperty(properties, TEXT("wrapper.statusfile.umask"), wrapperData->umask); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1051:123: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). wrapperData->javaStatusFileUmask = getIntProperty(properties, TEXT("wrapper.java.statusfile.umask"), wrapperData->umask); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1052:114: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). wrapperData->anchorFileUmask = getIntProperty(properties, TEXT("wrapper.anchorfile.umask"), wrapperData->umask); data/service-wrapper-java-3.5.30/src/c/wrapper.c:1053:96: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). setLogfileUmask(getIntProperty(properties, TEXT("wrapper.logfile.umask"), wrapperData->umask)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:2178:17: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(messageMB, messageW, len); data/service-wrapper-java-3.5.30/src/c/wrapper.c:2189:15: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(messageTemplate) + 16 + 1; data/service-wrapper-java-3.5.30/src/c/wrapper.c:2197:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(logMsgW, len, messageTemplate, (messageMB ? strlen(messageMB) : 0)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:2206:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = 1 + strlen(messageMB) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper.c:2223:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&(protocolSendBuffer[1]), messageMB, len - 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:2585:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(protocolActiveServerPipeIn, (void*) &c, 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:2605:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(protocolActiveServerPipeIn, (void*) &c, 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3222:21: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = &fileName[_tcslen(fileName)]; data/service-wrapper-java-3.5.30/src/c/wrapper.c:3241:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(baseName, start, end - start); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3256:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(banner) + _tcslen(product) + _tcslen(wrapperBits) + _tcslen(wrapperVersionRoot) + _tcslen(copyright) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper.c:3256:29: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(banner) + _tcslen(product) + _tcslen(wrapperBits) + _tcslen(wrapperVersionRoot) + _tcslen(copyright) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper.c:3256:48: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(banner) + _tcslen(product) + _tcslen(wrapperBits) + _tcslen(wrapperVersionRoot) + _tcslen(copyright) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper.c:3256:71: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(banner) + _tcslen(product) + _tcslen(wrapperBits) + _tcslen(wrapperVersionRoot) + _tcslen(copyright) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper.c:3256:101: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(banner) + _tcslen(product) + _tcslen(wrapperBits) + _tcslen(wrapperVersionRoot) + _tcslen(copyright) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper.c:3286:44: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). confFileBase = malloc(sizeof(TCHAR) * (_tcslen(appName) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3416:63: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). argConfFileBase = malloc(sizeof(TCHAR) * (_tcslen(argv[0]) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3424:56: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wrapperData->argConfFile = malloc((_tcslen(argConfFileBase) + 5 + 1) * sizeof(TCHAR)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3430:58: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(wrapperData->argConfFile, _tcslen(argConfFileBase) + 5 + 1, TEXT("%s.conf"), argConfFileBase); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3452:55: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). argConfFileBase = malloc(sizeof(TCHAR) * (_tcslen(argv[0]) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3460:48: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wrapperData->argConfFile = malloc((_tcslen(argConfFileBase) + 5 + 1) * sizeof(TCHAR)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3466:50: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(wrapperData->argConfFile, _tcslen(argConfFileBase) + 5 + 1, TEXT("%s.conf"), argConfFileBase); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3706:18: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). commandLen = _tcslen(command); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3729:22: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fillerLen -= _tcslen(&tempCommand[index]); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3730:18: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). index += _tcslen(&tempCommand[index]); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3742:61: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(&(tempCommand[index]), pos2 + 1, sizeof(TCHAR) * _tcslen(pos2 + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3793:15: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). textLen = _tcslen(text); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3798:18: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). patternLen = _tcslen(pattern); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3829:18: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). patternLen = _tcslen(pattern); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3853:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(in); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3870:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(out, in + first, len); data/service-wrapper-java-3.5.30/src/c/wrapper.c:3884:13: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (_tcslen(wrapperData->outputFilters[i]) > 0) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:3904:42: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((!filterMessage) || (_tcslen(filterMessage) <= 0)) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:4527:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(*pszOS, TEXT("Microsoft "), OSBUFSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper.c:4729:13: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (_tcslen(osvi.szCSDVersion) > 0) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:5302:41: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = wrapperStripQuotesInner(prop, _tcslen(prop), propStripped); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5312:18: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = _tcslen(value); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5377:18: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = _tcslen(value); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5520:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(pth, resolvedPath, PATH_MAX + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5522:31: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = malloc((_tcslen(pth) + 1) * sizeof(TCHAR)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5527:17: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(ret, pth, _tcslen(pth) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5527:36: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(ret, pth, _tcslen(pth) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5545:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(pth, resolvedPath, PATH_MAX + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5547:27: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = malloc((_tcslen(pth) + 1) * sizeof(TCHAR)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5552:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(ret, pth, _tcslen(pth) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5552:32: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(ret, pth, _tcslen(pth) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5570:28: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (searchPath && (_tcslen(searchPath) <= 0)) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:5588:21: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(pth, beg, PATH_MAX + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5591:21: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(pth, beg, end - beg); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5594:25: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pth[_tcslen(pth) - 1] != TEXT('/')) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:5595:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(pth, TEXT("/"), PATH_MAX + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5597:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(pth, exe, PATH_MAX + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5607:21: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(pth, resolvedPath, PATH_MAX + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5621:31: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = malloc((_tcslen(pth) + 1) * sizeof(TCHAR)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5626:17: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(ret, pth, _tcslen(pth) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5626:36: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(ret, pth, _tcslen(pth) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5659:20: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)_tcslen(*para) - 2; data/service-wrapper-java-3.5.30/src/c/wrapper.c:5662:20: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)_tcslen(*para); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5668:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(path, (*para) + start, len); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5679:29: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *para = malloc((_tcslen(path) + 1) * sizeof(TCHAR)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5685:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(*para, path, _tcslen(path) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5685:35: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(*para, path, _tcslen(path) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5727:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(cpPath, TEXT("\\bin\\java.exe"), 512); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5770:54: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (_tcslen(cpPath) + 2 + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5776:44: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], _tcslen(cpPath) + 2 + 1, TEXT("\"%s\""), cpPath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5778:44: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], _tcslen(cpPath) + 2 + 1, TEXT("%s"), cpPath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5781:54: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (_tcslen(prop) + 2 + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5787:44: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("\"%s\""), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5789:44: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("%s"), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5799:50: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (_tcslen(prop) + 2 + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5805:40: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("\"%s\""), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5807:40: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("%s"), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5813:61: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (c && ((unsigned int)(c - strings[index]) == _tcslen(strings[index]) - 3 - 1)) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:5818:65: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (c && ((unsigned int)(c - strings[index]) == _tcslen(strings[index]) - 7 - 1)) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:5859:17: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (_tcslen(prop) > 0) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:5887:68: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). propStripped = malloc(sizeof(TCHAR) * (_tcslen(prop) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5911:70: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (_tcslen(propStripped) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5920:56: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], _tcslen(propStripped) + 1, TEXT("%s"), propStripped); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5988:15: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(argTerm); data/service-wrapper-java-3.5.30/src/c/wrapper.c:5997:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(argStripped, argTerm, len + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6013:15: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(argExpanded); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6018:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(param->strings[param->index], argExpanded, len + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6048:22: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(config && _tcslen(config) > 0); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6049:45: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(config[0] != TEXT(' ') && config[_tcslen(config) - 1] != TEXT(' ')); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6051:27: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tail_bound = config + _tcslen(config) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper.c:6116:9: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (_tcslen(parameterFilePath) == 0) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:6196:63: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6196:83: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6205:26: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((_tcslen(systemPath) > 1) && (systemPath[_tcslen(systemPath) - 1] == TEXT('\\'))) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:6205:66: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((_tcslen(systemPath) > 1) && (systemPath[_tcslen(systemPath) - 1] == TEXT('\\'))) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:6206:57: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=\"%s%c%s\\\""), prop, wrapperClasspathSeparator, systemPath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6206:77: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=\"%s%c%s\\\""), prop, wrapperClasspathSeparator, systemPath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6208:57: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=\"%s%c%s\""), prop, wrapperClasspathSeparator, systemPath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6208:77: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=\"%s%c%s\""), prop, wrapperClasspathSeparator, systemPath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6211:53: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=%s%c%s"), prop, wrapperClasspathSeparator, systemPath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6211:73: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=%s%c%s"), prop, wrapperClasspathSeparator, systemPath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6214:63: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (22 + _tcslen(prop) + 1 + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6220:26: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((_tcslen(prop) > 1) && (prop[_tcslen(prop) - 1] == TEXT('\\'))) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:6220:54: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((_tcslen(prop) > 1) && (prop[_tcslen(prop) - 1] == TEXT('\\'))) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:6221:57: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 22 + _tcslen(prop) + 1 + 1, TEXT("-Djava.library.path=\"%s\\\""), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6223:57: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 22 + _tcslen(prop) + 1 + 1, TEXT("-Djava.library.path=\"%s\""), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6226:53: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 22 + _tcslen(prop) + 1 + 1, TEXT("-Djava.library.path=%s"), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6274:28: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = _tcslen(prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6310:24: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = _tcslen(systemPath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6423:52: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). propStripped = malloc(sizeof(TCHAR) * (_tcslen(prop) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6436:16: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = _tcslen(propStripped); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6454:28: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = _tcslen(files[cnt]); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6492:35: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((propStripped[_tcslen(propStripped) - 1] == TEXT('/')) || (propStripped[_tcslen(propStripped) - 1] == TEXT('\\'))) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:6492:93: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((propStripped[_tcslen(propStripped) - 1] == TEXT('/')) || (propStripped[_tcslen(propStripped) - 1] == TEXT('\\'))) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:6493:58: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). propBaseDir = malloc(sizeof(TCHAR) * _tcslen(propStripped)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6502:21: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(propBaseDir, propStripped, _tcslen(propStripped) - 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6502:57: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(propBaseDir, propStripped, _tcslen(propStripped) - 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6503:33: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). propBaseDir[_tcslen(propStripped) - 1] = TEXT('\0'); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6598:15: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(classpath); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6664:13: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (_tcslen(prop) > 0) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:6677:64: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). propStripped = malloc(sizeof(TCHAR) * (_tcslen(prop) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6701:66: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (_tcslen(propStripped) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6710:52: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], _tcslen(propStripped) + 1, TEXT("%s"), propStripped); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6742:62: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (_tcslen(wrapperData->javaArgValues[i]) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6747:48: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], _tcslen(wrapperData->javaArgValues[i]) + 1, TEXT("%s"), wrapperData->javaArgValues[i]); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6875:55: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (16 + _tcslen(wrapperData->key) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6881:45: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 16 + _tcslen(wrapperData->key) + 1, TEXT("-Dwrapper.key=\"%s\""), wrapperData->key); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6883:45: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 16 + _tcslen(wrapperData->key) + 1, TEXT("-Dwrapper.key=%s"), wrapperData->key); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6941:58: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (_tcslen(TEXT("-Dwrapper.port.address=")) + _tcslen(wrapperData->portAddress) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6941:101: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (_tcslen(TEXT("-Dwrapper.port.address=")) + _tcslen(wrapperData->portAddress) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6946:44: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], _tcslen(TEXT("-Dwrapper.port.address=")) + _tcslen(wrapperData->portAddress) + 1, TEXT("-Dwrapper.port.address=%s"), wrapperData->portAddress); data/service-wrapper-java-3.5.30/src/c/wrapper.c:6946:87: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], _tcslen(TEXT("-Dwrapper.port.address=")) + _tcslen(wrapperData->portAddress) + 1, TEXT("-Dwrapper.port.address=%s"), wrapperData->portAddress); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7108:55: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (20 + _tcslen(wrapperVersion) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7114:45: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 20 + _tcslen(wrapperVersion) + 1, TEXT("-Dwrapper.version=\"%s\""), wrapperVersion); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7116:45: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 20 + _tcslen(wrapperVersion) + 1, TEXT("-Dwrapper.version=%s"), wrapperVersion); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7123:55: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (27 + _tcslen(wrapperData->nativeLibrary) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7129:45: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 27 + _tcslen(wrapperData->nativeLibrary) + 1, TEXT("-Dwrapper.native_library=\"%s\""), wrapperData->nativeLibrary); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7131:45: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 27 + _tcslen(wrapperData->nativeLibrary) + 1, TEXT("-Dwrapper.native_library=%s"), wrapperData->nativeLibrary); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7138:55: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (17 + _tcslen(wrapperArch) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7144:45: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 17 + _tcslen(wrapperArch) + 1, TEXT("-Dwrapper.arch=\"%s\""), wrapperArch); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7146:45: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 17 + _tcslen(wrapperArch) + 1, TEXT("-Dwrapper.arch=%s"), wrapperArch); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7237:59: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (25 + _tcslen(prop) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7243:49: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.outfile=\"%s\""), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7245:49: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.outfile=%s"), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7253:59: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (25 + _tcslen(prop) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7259:50: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.errfile=\"%s\""), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7261:49: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.errfile=%s"), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7304:50: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strings[index] = malloc(sizeof(TCHAR) * (_tcslen(prop) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7309:36: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(strings[index], _tcslen(prop) + 1, TEXT("%s"), prop); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7573:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). num = _tcslen(keyChars); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7636:22: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valLen = _tcslen(propertyValues[i]); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7661:22: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valLen = _tcslen(propertyValues[i]); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7663:17: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(work, propertyValues[i], workLen); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7703:47: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (wrapperData->ntServiceAccount && (_tcslen(wrapperData->ntServiceAccount) <= 0)) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:7716:50: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( wrapperData->ntServicePassword && ( _tcslen( wrapperData->ntServicePassword ) <= 0 ) ) { data/service-wrapper-java-3.5.30/src/c/wrapper.c:7877:15: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(hostName); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7883:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(hostName2, hostName, len + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7886:57: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wrapperData->hostName = malloc(sizeof(TCHAR) * (_tcslen(hostName2) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7892:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(wrapperData->hostName, hostName2, _tcslen(hostName2) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7892:52: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(wrapperData->hostName, hostName2, _tcslen(hostName2) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7913:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(actionName); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7981:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(actionNameList); data/service-wrapper-java-3.5.30/src/c/wrapper.c:7987:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(workBuffer, actionNameList, len + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:8019:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(workBuffer, actionNameList, len + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:8154:69: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wrapperData->outputFilters[i] = malloc(sizeof(TCHAR) * (_tcslen(prop) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:8159:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(wrapperData->outputFilters[i], prop, _tcslen(prop) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:8159:59: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(wrapperData->outputFilters[i], prop, _tcslen(prop) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:8197:65: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wrapperData->outputFilters[i] = malloc(sizeof(TCHAR) * (_tcslen(TRIGGER_ADVICE_NIL_SERVER) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper.c:8202:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(wrapperData->outputFilters[i], TRIGGER_ADVICE_NIL_SERVER, _tcslen(TRIGGER_ADVICE_NIL_SERVER) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.c:8202:76: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(wrapperData->outputFilters[i], TRIGGER_ADVICE_NIL_SERVER, _tcslen(TRIGGER_ADVICE_NIL_SERVER) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper.h:388:13: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). int umask; /* Default umask for all files. */ data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:75:28: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((path != NULL) && (_tcslen(path) >= 3) && (path[1] == TEXT(':')) && ((path[2] == TEXT('\\')) || (path[2] == TEXT('/')))) { data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:76:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(drive, path, 2); data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:215:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(encoding) == 0) { data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:228:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(encoding) == 0) { data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:270:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(interumEncoding) == 0) { data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:329:23: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(trimmedBuffer); data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:357:32: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). trimmedBufferLen = _tcslen(trimmedBuffer); data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:366:17: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (_tcslen(trimmedBuffer) > 0) { data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:165:18: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = _tcslen(key); data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:299:39: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t keySize = sizeof(TCHAR) * (_tcslen(key) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:300:41: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t valueSize = sizeof(TCHAR) * (_tcslen(value) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:322:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t keySize = sizeof(char) * (strlen(key) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:323:41: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t valueSize = sizeof(TCHAR) * (_tcslen(value) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:385:39: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t keySize = sizeof(TCHAR) * (_tcslen(key) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:399:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t keySize = sizeof(char) * (strlen(key) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:86:32: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). errorTemplateLen = _tcslen(errorTemplate) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:96:32: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). errorTemplateLen = _tcslen(errorTemplate) + 10 + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:172:36: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). errorTemplateLen = _tcslen(errorTemplate) + strlen(multiByteEncoding) + strlen(interumEncoding) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:172:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). errorTemplateLen = _tcslen(errorTemplate) + strlen(multiByteEncoding) + strlen(interumEncoding) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:172:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). errorTemplateLen = _tcslen(errorTemplate) + strlen(multiByteEncoding) + strlen(interumEncoding) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:182:36: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). errorTemplateLen = _tcslen(errorTemplate) + 10 + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:192:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). multiByteCharsLen = strlen(multiByteChars); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:240:40: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). errorTemplateLen = _tcslen(errorTemplate) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:252:40: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). errorTemplateLen = _tcslen(errorTemplate) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:270:40: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). errorTemplateLen = _tcslen(errorTemplate) + 10 + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:286:32: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). errorTemplateLen = _tcslen(errorTemplate) + 10 + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:309:32: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). errorTemplateLen = _tcslen(errorTemplate) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:312:32: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). errorTemplateLen = _tcslen(errorTemplate) + 10 + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:474:41: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg = malloc(sizeof(wchar_t) * (wcslen(fmt) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:476:13: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). wcsncpy(msg, fmt, wcslen(fmt) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:476:31: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wcsncpy(msg, fmt, wcslen(fmt) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:477:29: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < wcslen(fmt); i++){ data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:478:49: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fmt[i] == TEXT('%') && i < wcslen(fmt) && fmt[i + 1] == TEXT('s') && (i == 0 || fmt[i - 1] != TEXT('%'))) { data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:483:17: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg[wcslen(fmt)] = TEXT('\0'); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:507:41: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg = malloc(sizeof(wchar_t) * (wcslen(fmt) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:509:13: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). wcsncpy(msg, fmt, wcslen(fmt) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:509:31: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wcsncpy(msg, fmt, wcslen(fmt) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:510:29: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < wcslen(fmt); i++){ data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:511:49: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fmt[i] == TEXT('%') && i < wcslen(fmt) && fmt[i + 1] == TEXT('s') && (i == 0 || fmt[i - 1] != TEXT('%'))) { data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:516:17: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg[wcslen(fmt)] = TEXT('\0'); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:540:41: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg = malloc(sizeof(wchar_t) * (wcslen(fmt) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:542:13: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). wcsncpy(msg, fmt, wcslen(fmt) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:542:31: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wcsncpy(msg, fmt, wcslen(fmt) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:543:29: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < wcslen(fmt); i++){ data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:544:49: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fmt[i] == TEXT('%') && i < wcslen(fmt) && fmt[i + 1] == TEXT('s') && (i == 0 || fmt[i - 1] != TEXT('%'))) { data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:549:17: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg[wcslen(fmt)] = TEXT('\0'); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1354:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(*encoding) == 0) { data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1464:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(iconvLibNameMB, "/usr/local/lib/libiconv.so", 128); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1469:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(iconvLibNameMB, "/usr/local/lib/libbiconv.so", 128); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1479:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(iconvLibNameMB, "/usr/lib32/libkiconv.so.4", 128); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1484:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(iconvLibNameMB, "/lib/libkiconv.so.4", 128); data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:185:9: [1] (buffer) _gettc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define _gettc getwc data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:233:23: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define _tcsclen wcslen data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:234:9: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define _tcslen wcslen data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:234:23: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define _tcslen wcslen data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:235:9: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. #define _tcsncat wcsncat data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:235:23: [1] (buffer) wcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. #define _tcsncat wcsncat data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:236:23: [1] (buffer) wcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. #define _tcsnccat wcsncat data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:239:23: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). #define _tcsnccpy wcsncpy data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:240:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). #define _tcsncpy wcsncpy data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:240:23: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). #define _tcsncpy wcsncpy data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:376:23: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define _fgettc fgetc data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:384:9: [1] (buffer) _gettc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define _gettc getc data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:384:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define _gettc getc data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:385:23: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define _gettchar getchar data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:423:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define _tcsclen strlen data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:424:9: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define _tcslen strlen data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:424:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define _tcslen strlen data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:425:9: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. #define _tcsncat strncat data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:425:23: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. #define _tcsncat strncat data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:426:23: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. #define _tcsnccat strncat data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:429:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). #define _tcsnccpy strncpy data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:430:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). #define _tcsncpy strncpy data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:430:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). #define _tcsncpy strncpy data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:187:17: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(newUmask); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:189:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1009:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(ms * 1000); /* microseconds */ data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1120:65: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wrapperData->jvmVersionCommand[0] = malloc(sizeof(TCHAR) * (_tcslen(strings[0]) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1125:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(wrapperData->jvmVersionCommand[0], strings[0], _tcslen(strings[0]) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1125:61: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(wrapperData->jvmVersionCommand[0], strings[0], _tcslen(strings[0]) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1132:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(wrapperData->jvmVersionCommand[1], TEXT("-version"), 8 + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1146:66: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wrapperData->jvmCommand[i] = malloc(sizeof(TCHAR) * (_tcslen(strings[i]) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1151:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(wrapperData->jvmCommand[i], strings[i], _tcslen(strings[i]) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1151:62: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(wrapperData->jvmCommand[i], strings[i], _tcslen(strings[i]) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1352:13: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(wrapperData->javaUmask); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1403:31: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenCmd += _tcslen(wrapperData->jvmCommand[i]) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1710:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). *readCount = read(pipedes[PIPE_READ_END], blockBuffer, blockSize); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:2009:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(wrapperData->umask); data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:2009:24: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(wrapperData->umask); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:284:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(lc); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:290:5: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(systemPath[i], lc, len + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:319:50: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mutexName = malloc(sizeof(TCHAR) * (30 + _tcslen(wrapperData->serviceName) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:325:36: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(mutexName, 30 + _tcslen(wrapperData->serviceName) + 1, TEXT("Global\\Java Service Wrapper - %s"), wrapperData->serviceName); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:630:18: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). commandLen = _tcslen(strings[0]); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:632:19: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). commandLen += _tcslen(TEXT("-version")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:649:23: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). commandLen += _tcslen(strings[i]); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:665:23: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). commandLen += _tcslen(strings[i]); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:723:22: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nSubKeyLen = _tcslen(consoleSubKeyBase) + _tcslen(startupTitle) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:723:51: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nSubKeyLen = _tcslen(consoleSubKeyBase) + _tcslen(startupTitle) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:731:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(consoleSubKey, consoleSubKeyBase, nSubKeyLen); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:732:9: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(consoleSubKey, startupTitle, nSubKeyLen - _tcslen(consoleSubKey)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:732:60: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncat(consoleSubKey, startupTitle, nSubKeyLen - _tcslen(consoleSubKey)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:735:23: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = (int)_tcslen(consoleSubKeyBase); i < (int)nSubKeyLen; i++) { data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1956:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(wrapperData->jvmCommand); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3483:10: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((_tcslen(moduleFileName) >= 3) && (moduleFileName[1] == TEXT(':')) && (moduleFileName[2] == TEXT('\\'))) { data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3484:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(drive, moduleFileName, 3); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3516:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, unc->lpUniversalName, originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3518:30: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *reqBufferLen += _tcslen(unc->lpUniversalName); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3521:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\""), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3522:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, unc->lpUniversalName, originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3523:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\""), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3525:39: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *reqBufferLen += (1 + _tcslen(unc->lpUniversalName) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3535:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, moduleFileName, originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3537:30: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *reqBufferLen += _tcslen(moduleFileName); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3540:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\""), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3541:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, moduleFileName, originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3542:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\""), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3544:35: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *reqBufferLen += (1 + _tcslen(moduleFileName) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3551:9: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT(" -s "), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3558:10: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((_tcslen(wrapperData->configFile) >= 3) && (wrapperData->configFile[1] == TEXT(':')) && (wrapperData->configFile[2] == TEXT('\\'))) { data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3559:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(drive, wrapperData->configFile, 3); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3592:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, unc->lpUniversalName, originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3594:34: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *reqBufferLen += _tcslen(unc->lpUniversalName); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3597:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\""), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3598:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, unc->lpUniversalName, originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3599:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\""), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3601:39: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *reqBufferLen += (1 + _tcslen(unc->lpUniversalName) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3611:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, wrapperData->configFile, originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3613:30: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *reqBufferLen += _tcslen(wrapperData->configFile); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3616:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\""), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3617:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, wrapperData->configFile, originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3618:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\""), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3620:35: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *reqBufferLen += (1 + _tcslen(wrapperData->configFile) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3640:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT(" "), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3647:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, wrapperData->argValues[i], originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3649:34: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *reqBufferLen += _tcslen(wrapperData->argValues[i]); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3652:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\""), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3653:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, wrapperData->argValues[i], originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3654:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\""), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3656:38: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *reqBufferLen += 1 + _tcslen(wrapperData->argValues[i]) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3664:13: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT(" --"), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3670:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT(" "), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3677:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, wrapperData->javaArgValues[i], originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3679:34: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *reqBufferLen += _tcslen(wrapperData->javaArgValues[i]); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3682:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\""), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3683:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, wrapperData->javaArgValues[i], originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3684:21: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\""), originalSize); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3686:39: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *reqBufferLen += (1 + _tcslen(wrapperData->javaArgValues[i]) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3707:20: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). StringLength = wcslen(String); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3761:110: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ppdiDomainInfo->Name.MaximumLength,ppdiDomainInfo->Name.Length ,ppdiDomainInfo->Name.Buffer, wcslen(ppdiDomainInfo->Name.Buffer)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3763:35: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ResName = malloc((wcslen(ppdiDomainInfo->Name.Buffer) + 1 ) * sizeof(wchar_t)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3765:21: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(ResName, ppdiDomainInfo->Name.Buffer, wcslen(ppdiDomainInfo->Name.Buffer) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3765:68: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(ResName, ppdiDomainInfo->Name.Buffer, wcslen(ppdiDomainInfo->Name.Buffer) + 1); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3775:38: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wcslen(pwkiWorkstationInfo->wki100_computername))) { data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4068:27: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (domain[_tcslen(domain) - 1] == TEXT('\n')) { data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4069:20: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). domain[_tcslen(domain) - 1] = TEXT('\0'); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4080:28: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (account[_tcslen(account) - 1] == TEXT('\n')) { data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4081:21: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). account[_tcslen(account) - 1] = TEXT('\0'); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4083:31: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempAccount = malloc((_tcslen(domain) + _tcslen(account) + 2) * sizeof(TCHAR)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4083:49: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempAccount = malloc((_tcslen(domain) + _tcslen(account) + 2) * sizeof(TCHAR)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4090:33: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(tempAccount, _tcslen(domain) + _tcslen(account) + 2, TEXT("%s\\%s"), domain, account); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4090:51: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(tempAccount, _tcslen(domain) + _tcslen(account) + 2, TEXT("%s\\%s"), domain, account); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4137:45: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ntServicePassword != NULL) && (_tcslen(ntServicePassword) <= 0)) { data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4161:65: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((wrapperData->serviceDescription != NULL && _tcslen(wrapperData->serviceDescription) > 0) data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4167:52: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)(sizeof(TCHAR) * (_tcslen(wrapperData->serviceDescription) + 1))); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4306:62: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newVal = malloc(sizeof(TCHAR) * (_tcslen(oldVal) + 1 + _tcslen(value) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4306:84: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newVal = malloc(sizeof(TCHAR) * (_tcslen(oldVal) + 1 + _tcslen(value) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4312:48: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(newVal, _tcslen(oldVal) + 1 + _tcslen(value) + 1, TEXT("%s;%s"), oldVal, value); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4312:70: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(newVal, _tcslen(oldVal) + 1 + _tcslen(value) + 1, TEXT("%s;%s"), oldVal, value); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4533:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(subKey, prop + 18, 512); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4536:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(subKey, prop + 20, 512); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4539:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(subKey, prop + 18, 512); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4542:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(subKey, prop + 19, 512); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4545:13: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(subKey, prop + 11, 512); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4614:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(javaHome, value, 512); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4622:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(subKey, TEXT("SOFTWARE\\JavaSoft\\Java Runtime Environment"), 512); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4647:9: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(subKey, TEXT("\\"), 512); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4648:9: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(subKey, jreversion, 512); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4681:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(javaHome, value, 512); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4740:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(wrapperFullPath, path, FILEPATHSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4743:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(wrapperFullPath, path, FILEPATHSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4751:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(logFileFullPath, path, FILEPATHSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4754:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(logFileFullPath, path, FILEPATHSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4762:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(defaultLogFileFullPath, path, FILEPATHSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4765:9: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(defaultLogFileFullPath, path, FILEPATHSIZE); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5901:10: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (wcslen(inputString) + 1) * sizeof(WCHAR)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6181:16: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = _tcslen(TEXT(" Serial Number: ")) + dwData * 3 + 6 + _tcslen(TEXT(" Issuer Name: ")) + _tcslen(TEXT(" Subject Name: ")) + _tcslen(szName1) + _tcslen(szName2) + 5; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6181:72: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = _tcslen(TEXT(" Serial Number: ")) + dwData * 3 + 6 + _tcslen(TEXT(" Issuer Name: ")) + _tcslen(TEXT(" Subject Name: ")) + _tcslen(szName1) + _tcslen(szName2) + 5; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6181:109: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = _tcslen(TEXT(" Serial Number: ")) + dwData * 3 + 6 + _tcslen(TEXT(" Issuer Name: ")) + _tcslen(TEXT(" Subject Name: ")) + _tcslen(szName1) + _tcslen(szName2) + 5; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6181:147: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = _tcslen(TEXT(" Serial Number: ")) + dwData * 3 + 6 + _tcslen(TEXT(" Issuer Name: ")) + _tcslen(TEXT(" Subject Name: ")) + _tcslen(szName1) + _tcslen(szName2) + 5; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6181:166: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = _tcslen(TEXT(" Serial Number: ")) + dwData * 3 + 6 + _tcslen(TEXT(" Issuer Name: ")) + _tcslen(TEXT(" Subject Name: ")) + _tcslen(szName1) + _tcslen(szName2) + 5; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6187:29: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Serial Number: ")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6187:53: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Serial Number: ")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6188:29: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n %s\n"), serialNr); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6188:53: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n %s\n"), serialNr); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6189:29: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Issuer Name: %s"), szName1); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6189:53: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Issuer Name: %s"), szName1); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6190:9: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6190:45: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6191:29: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Subject Name: %s"), szName2); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6191:53: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Subject Name: %s"), szName2); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6280:25: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += _tcslen(TEXT(" Program Name : ")) + _tcslen(ProgPubInfo.lpszProgramName) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6280:64: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += _tcslen(TEXT(" Program Name : ")) + _tcslen(ProgPubInfo.lpszProgramName) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6287:25: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += _tcslen(TEXT(" Publisher Link : ")) + _tcslen(ProgPubInfo.lpszPublisherLink) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6287:66: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += _tcslen(TEXT(" Publisher Link : ")) + _tcslen(ProgPubInfo.lpszPublisherLink) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6295:25: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += _tcslen(TEXT(" MoreInfo Link : ")) + _tcslen(ProgPubInfo.lpszMoreInfoLink) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6295:65: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += _tcslen(TEXT(" MoreInfo Link : ")) + _tcslen(ProgPubInfo.lpszMoreInfoLink) + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6318:17: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += _tcslen(TEXT(" Signer Certificate:")) + _tcslen(string1) + 2; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6318:58: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += _tcslen(TEXT(" Signer Certificate:")) + _tcslen(string1) + 2; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6345:21: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += _tcslen(TEXT(" TimeStamp Certificate:")) + _tcslen(string2) + 2; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6345:65: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += _tcslen(TEXT(" TimeStamp Certificate:")) + _tcslen(string2) + 2; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6349:25: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += _tcslen( TEXT(" Date of TimeStamp : %04d/%02d/%02d %02d:%02d")) - 8 + 1; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6367:37: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Program Name : %s"), data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6367:61: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Program Name : %s"), data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6369:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6369:53: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6372:37: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Publisher Link : %s"), data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6372:61: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Publisher Link : %s"), data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6374:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6374:53: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6378:37: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" MoreInfo Link : %s"), data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6378:61: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" MoreInfo Link : %s"), data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6380:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6380:53: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer)); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6383:29: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Signer Certificate:")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6383:53: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Signer Certificate:")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6384:29: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n%s\n"), string1); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6384:53: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n%s\n"), string1); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6386:33: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" TimeStamp Certificate:")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6386:57: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" TimeStamp Certificate:")); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6387:33: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n%s\n"), string2); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6387:57: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n%s\n"), string2); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6390:33: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Date of TimeStamp : %04d/%02d/%02d %02d:%02d"), data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6390:57: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Date of TimeStamp : %04d/%02d/%02d %02d:%02d"), data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6734:29: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). _umask(wrapperData->umask); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7145:32: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (outbuf[_tcslen(outbuf) - 1] != TEXT('\n')) { data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7152:40: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (outbuf[_tcslen(outbuf) - 1] == TEXT('n')) { data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7154:40: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outbuf[_tcslen(outbuf) - 1] = TEXT('\0'); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7159:66: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (WriteFile(in, inbuf, (DWORD)(_tcslen(inbuf)) * sizeof(TCHAR), &inWritten, NULL) == FALSE) { data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7164:47: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (outbuf[_tcslen(outbuf) - 1] == TEXT('p')) { data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7167:40: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outbuf[_tcslen(outbuf) - 1] = TEXT('\0'); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7172:33: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(inbuf, secret, 1024); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7187:66: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (WriteFile(in, inbuf, (DWORD)(_tcslen(inbuf)) * sizeof(TCHAR), &inWritten, NULL) == FALSE) { data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7251:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(pipeBaseName) + 13; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7344:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(namedPipeName) + 4 + 9; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7510:24: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += _tcslen(argv[i]) + 3; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7514:16: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += _tcslen(strNamedPipeName) + 28 + 27; data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7523:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(parameter, TEXT(" "), len); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7527:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(parameter, TEXT("wrapper.console.flush=true wrapper.internal.namedpipe="), len); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7528:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(parameter, strNamedPipeName, len); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7530:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(parameter, TEXT(" --"), len); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7532:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(parameter, TEXT("\""), len); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7533:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(parameter, argv[i], len); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7534:17: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(parameter, TEXT("\""), len); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7538:13: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(parameter, TEXT(" wrapper.console.flush=true wrapper.internal.namedpipe="), len); data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7539:13: [1] (buffer) _tcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. _tcsncat(parameter, strNamedPipeName, len); data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:176:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(newUmask); data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:178:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:180:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(newUmask); data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:182:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:120:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(ms * 1000); /* microseconds */ data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:164:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = _tcslen(strW); data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:218:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(msgMB); data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:355:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:459:70: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *propertyValue = malloc(sizeof(TCHAR) * (_tcslen(keyChars) + 1)); data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:464:33: [1] (buffer) _tcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). _tcsncpy(*propertyValue, keyChars, _tcslen(keyChars) + 1); data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:464:68: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tcsncpy(*propertyValue, keyChars, _tcslen(keyChars) + 1); data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:475:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *propertyValue = malloc(strlen((char*)keyChars) + 1); data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:480:33: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char*)*propertyValue, (char*)keyChars, strlen((char*)keyChars) + 1); data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:480:81: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy((char*)*propertyValue, (char*)keyChars, strlen((char*)keyChars) + 1); data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:184:57: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jMessage = (*env)->NewByteArray(env, (jsize)_tcslen(message) * sizeof(TCHAR)); data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:187:62: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). JNU_SetByteArrayRegion(env, &jMessage, 0, (jsize)_tcslen(message) * sizeof(TCHAR), message); data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1249:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(localAddr, inet_ntoa(addr), sizeof(localAddr)); data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1254:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(remoteAddr, inet_ntoa(addr), sizeof(remoteAddr)); ANALYSIS SUMMARY: Hits = 1260 Lines analyzed = 38028 in approximately 1.16 seconds (32695 lines/second) Physical Source Lines of Code (SLOC) = 26242 Hits@level = [0] 25 [1] 635 [2] 150 [3] 20 [4] 380 [5] 75 Hits@level+ = [0+] 1285 [1+] 1260 [2+] 625 [3+] 475 [4+] 455 [5+] 75 Hits/KSLOC@level+ = [0+] 48.9673 [1+] 48.0146 [2+] 23.8168 [3+] 18.1008 [4+] 17.3386 [5+] 2.85801 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.