Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/service-wrapper-java-3.5.30/src/c/Makefile-irix-mips-32.cc
Examining data/service-wrapper-java-3.5.30/src/c/logger.h
Examining data/service-wrapper-java-3.5.30/src/c/logger_base.h
Examining data/service-wrapper-java-3.5.30/src/c/logger_file.c
Examining data/service-wrapper-java-3.5.30/src/c/logger_file.h
Examining data/service-wrapper-java-3.5.30/src/c/loggerjni.c
Examining data/service-wrapper-java-3.5.30/src/c/loggerjni.h
Examining data/service-wrapper-java-3.5.30/src/c/messages.h
Examining data/service-wrapper-java-3.5.30/src/c/org_tanukisoftware_wrapper_WrapperManager.h
Examining data/service-wrapper-java-3.5.30/src/c/org_tanukisoftware_wrapper_WrapperProcessConfig.h
Examining data/service-wrapper-java-3.5.30/src/c/org_tanukisoftware_wrapper_WrapperProcessInputStream.h
Examining data/service-wrapper-java-3.5.30/src/c/org_tanukisoftware_wrapper_WrapperProcessOutputStream.h
Examining data/service-wrapper-java-3.5.30/src/c/org_tanukisoftware_wrapper_WrapperResources.h
Examining data/service-wrapper-java-3.5.30/src/c/property.c
Examining data/service-wrapper-java-3.5.30/src/c/property.h
Examining data/service-wrapper-java-3.5.30/src/c/psapi.h
Examining data/service-wrapper-java-3.5.30/src/c/resource.h
Examining data/service-wrapper-java-3.5.30/src/c/test_example.c
Examining data/service-wrapper-java-3.5.30/src/c/test_filter.c
Examining data/service-wrapper-java-3.5.30/src/c/test_hashmap.c
Examining data/service-wrapper-java-3.5.30/src/c/test_javaadditionalparam.c
Examining data/service-wrapper-java-3.5.30/src/c/testsuite.c
Examining data/service-wrapper-java-3.5.30/src/c/testsuite.h
Examining data/service-wrapper-java-3.5.30/src/c/wrapper.h
Examining data/service-wrapper-java-3.5.30/src/c/wrapper_file.c
Examining data/service-wrapper-java-3.5.30/src/c/wrapper_file.h
Examining data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c
Examining data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.h
Examining data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c
Examining data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h
Examining data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c
Examining data/service-wrapper-java-3.5.30/src/c/wrapper_win.c
Examining data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c
Examining data/service-wrapper-java-3.5.30/src/c/wrapperinfo.h
Examining data/service-wrapper-java-3.5.30/src/c/wrapperjni.c
Examining data/service-wrapper-java-3.5.30/src/c/wrapperjni.h
Examining data/service-wrapper-java-3.5.30/src/c/wrapperjni_unix.c
Examining data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c
Examining data/service-wrapper-java-3.5.30/src/c/logger.c
Examining data/service-wrapper-java-3.5.30/src/c/wrapper.c
FINAL RESULTS:
data/service-wrapper-java-3.5.30/src/c/logger.c:3749:9: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(buffer, TEXT("..."), QUEUED_BUFFER_SIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4533:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows 10 "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4535:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows Server 2016 "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4541:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows Vista "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4543:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows Server 2008 "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4547:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows 7 "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4549:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows Server 2008 R2 "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4553:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows 8 "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4555:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows Server 2012 "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4559:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows 8.1 "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4561:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows Server 2012 R2 "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4566:17: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows Server 2003 R2, "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4568:17: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows Storage Server 2003"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4570:17: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows Home Server"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4572:17: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows XP Professional x64 Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4574:17: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows Server 2003, "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4581:25: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Datacenter Edition for Itanium-based Systems"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4583:25: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Enterprise Edition for Itanium-based Systems"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4587:25: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Datacenter x64 Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4589:25: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Enterprise x64 Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4591:25: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Standard x64 Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4595:25: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Compute Cluster Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4597:25: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Datacenter Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4599:25: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Enterprise Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4601:25: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Web Edition" ), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4603:25: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Standard Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4608:13: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows XP "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4610:17: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Home Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4612:17: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Professional"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4615:13: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Windows 2000 "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4617:17: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Professional"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4620:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Datacenter Server"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4622:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Advanced Server"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4624:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Server"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4636:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Ultimate Edition" ), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4639:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Professional"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4642:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Home Premium Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4645:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Home Basic Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4648:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Enterprise Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4651:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Business Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4654:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Starter Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4657:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Cluster Server Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4660:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Datacenter Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4663:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Datacenter Edition (core installation)"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4666:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Enterprise Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4669:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Enterprise Edition (core installation)"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4672:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Enterprise Edition for Itanium-based Systems"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4675:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Small Business Server"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4678:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Small Business Server Premium Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4681:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Standard Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4684:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Standard Edition (core installation)"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4687:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Web Server Edition"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4690:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Home"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4693:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Home N"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4696:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Home China"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4699:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Home Single Language"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4702:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Mobile"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4705:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Mobile Enterprise"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4708:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Education"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4711:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Education N"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4714:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Enterprise E"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4717:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Enterprise N (evaluation installation)"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4720:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Enterprise N"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4723:21: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT("Enterprise (evaluation installation)"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4730:13: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT(" "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4731:13: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, osvi.szCSDVersion, OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4734:9: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, buf, OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4738:17: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT(", 64-bit"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4740:17: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
_tcsncat(*pszOS, TEXT(", 32-bit"), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:354:19: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
req = readlink(cExe, cFullPath, size);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:195:9: [5] (buffer) _getts:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
#define _getts getws
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:269:23: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
#define _treadlink readlink
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:274:23: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define _tchmod chmod
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:387:9: [5] (buffer) _getts:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
#define _getts gets
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:387:23: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
#define _getts gets
data/service-wrapper-java-3.5.30/src/c/logger.c:311:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(pos, 4, TEXT("%02x "), c);
data/service-wrapper-java-3.5.30/src/c/logger.c:320:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(pos, 4, TEXT("\\0 "));
data/service-wrapper-java-3.5.30/src/c/logger.c:322:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(pos, 4, TEXT("\\%c "), TEXT('a') + c - 1);
data/service-wrapper-java-3.5.30/src/c/logger.c:324:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(pos, 4, TEXT("%c "), c);
data/service-wrapper-java-3.5.30/src/c/logger.c:326:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(pos, 4, TEXT(". "));
data/service-wrapper-java-3.5.30/src/c/logger.c:814:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(testfile, len, TEXT("%s%c.wrapper_test-%.4d%.4d"),
data/service-wrapper-java-3.5.30/src/c/logger.c:1467:28: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("wrapperm") );
data/service-wrapper-java-3.5.30/src/c/logger.c:1469:28: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("wrapper ") );
data/service-wrapper-java-3.5.30/src/c/logger.c:1472:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("wrapper ") );
data/service-wrapper-java-3.5.30/src/c/logger.c:1477:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("wrapperp") );
data/service-wrapper-java-3.5.30/src/c/logger.c:1481:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("jvm %-4d"), source_id );
data/service-wrapper-java-3.5.30/src/c/logger.c:1489:20: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("%s"), logLevelNames[ level ] );
data/service-wrapper-java-3.5.30/src/c/logger.c:1498:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("signal ") );
data/service-wrapper-java-3.5.30/src/c/logger.c:1502:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("main ") );
data/service-wrapper-java-3.5.30/src/c/logger.c:1506:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("srvmain") );
data/service-wrapper-java-3.5.30/src/c/logger.c:1510:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("timer ") );
data/service-wrapper-java-3.5.30/src/c/logger.c:1514:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("javaio ") );
data/service-wrapper-java-3.5.30/src/c/logger.c:1518:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("startup") );
data/service-wrapper-java-3.5.30/src/c/logger.c:1522:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("unknown") );
data/service-wrapper-java-3.5.30/src/c/logger.c:1530:20: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("%c"), ( queued ? TEXT('Q') : TEXT(' ')));
data/service-wrapper-java-3.5.30/src/c/logger.c:1536:20: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("%04d/%02d/%02d %02d:%02d:%02d"),
data/service-wrapper-java-3.5.30/src/c/logger.c:1544:20: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("%04d/%02d/%02d %02d:%02d:%02d.%03d"),
data/service-wrapper-java-3.5.30/src/c/logger.c:1553:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("--------") );
data/service-wrapper-java-3.5.30/src/c/logger.c:1555:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("%8d"), uptimeSeconds);
data/service-wrapper-java-3.5.30/src/c/logger.c:1563:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT(" ") );
data/service-wrapper-java-3.5.30/src/c/logger.c:1565:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("99999999") );
data/service-wrapper-java-3.5.30/src/c/logger.c:1567:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("%8d"), durationMillis);
data/service-wrapper-java-3.5.30/src/c/logger.c:1574:20: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("%8d"), __min(previousLogLag, 99999999));
data/service-wrapper-java-3.5.30/src/c/logger.c:1580:20: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf( pos, reqSize - len, TEXT("%s"), message );
data/service-wrapper-java-3.5.30/src/c/logger.c:1598:24: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
temp = _sntprintf(pos, reqSize - len, TEXT(" | "));
data/service-wrapper-java-3.5.30/src/c/logger.c:1655:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer + bufferLen, bufferSize - bufferLen, TEXT(".%s"), rollNum);
data/service-wrapper-java-3.5.30/src/c/logger.c:1729:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(nowDate, 9, TEXT("%04d%02d%02d"), nowTM->tm_year + 1900, nowTM->tm_mon + 1, nowTM->tm_mday );
data/service-wrapper-java-3.5.30/src/c/logger.c:1778:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tempConfLogFileResumeDateStr, 20, TEXT("%04d/%02d/%02d %02d:%02d:%02d"),
data/service-wrapper-java-3.5.30/src/c/logger.c:1787:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tempBuffer, tempBufferLen, tempBufferFormat, confLogFileName, confLogFileStopDateStr, tempConfLogFileResumeDateStr, defaultLogFile, syslogName);
data/service-wrapper-java-3.5.30/src/c/logger.c:1801:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(currentLogFileName, currentLogFileNameSize, confLogFileName);
data/service-wrapper-java-3.5.30/src/c/logger.c:1849:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(confLogFileStopDateStr, 20, TEXT("%04d/%02d/%02d %02d:%02d:%02d"),
data/service-wrapper-java-3.5.30/src/c/logger.c:1864:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tempBuffer, tempBufferLen, tempBufferFormat, currentLogFileName, getLastErrorText(), defaultLogFile);
data/service-wrapper-java-3.5.30/src/c/logger.c:1878:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(currentLogFileName, currentLogFileNameSize, defaultLogFile);
data/service-wrapper-java-3.5.30/src/c/logger.c:1895:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tempBuffer, tempBufferLen, tempBufferFormat, currentLogFileName, getLastErrorText());
data/service-wrapper-java-3.5.30/src/c/logger.c:1945:13: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(logfileFP, TEXT("%s\n"), printBuffer);
data/service-wrapper-java-3.5.30/src/c/logger.c:2056:13: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(target, TEXT("%s\n"), printBuffer);
data/service-wrapper-java-3.5.30/src/c/logger.c:2217:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(printBuffer, reqSize, TEXT("%s|%02d|%02d|%02d|%s"), LOG_SPECIAL_MARKER, source_id, level, threadId, message + _tcslen(LOG_FORK_MARKER));
data/service-wrapper-java-3.5.30/src/c/logger.c:2250:9: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(target, TEXT("%s\n"), printBuffer);
data/service-wrapper-java-3.5.30/src/c/logger.c:2408:21: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
count = _vsntprintf( threadMessageBuffer, threadMessageBufferSize, msg, vargs );
data/service-wrapper-java-3.5.30/src/c/logger.c:2410:21: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
count = _vsntprintf( threadMessageBuffer, threadMessageBufferSize, lpszFmt, vargs );
data/service-wrapper-java-3.5.30/src/c/logger.c:2563:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("Failed to format system error message (Error: %d) (Original Error: 0x%x)"), GetLastError(), errorNum);
data/service-wrapper-java-3.5.30/src/c/logger.c:2566:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("System error message is too large to convert (Required size: %d) (Original Error: 0x%x)"), dwRet, errorNum);
data/service-wrapper-java-3.5.30/src/c/logger.c:2569:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("%s (0x%x)"), lpszTemp, errorNum);
data/service-wrapper-java-3.5.30/src/c/logger.c:2582:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("System error message could not be decoded (Error 0x%x)"), errorNum);
data/service-wrapper-java-3.5.30/src/c/logger.c:2584:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("System error message too large to convert (Require size: %d) (Original Error: 0x%x)"), req, errorNum);
data/service-wrapper-java-3.5.30/src/c/logger.c:2663:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf( regPath, 1024, TEXT("SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Application\\%s"), loginfoSourceName );
data/service-wrapper-java-3.5.30/src/c/logger.c:2716:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf( regPath, 1024, TEXT("SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Application\\%s"), loginfoSourceName );
data/service-wrapper-java-3.5.30/src/c/logger.c:2772:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf( regPath, 1024, TEXT("SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Application\\%s"), loginfoSourceName );
data/service-wrapper-java-3.5.30/src/c/logger.c:2817:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf( header, 16, TEXT("wrapperm") );
data/service-wrapper-java-3.5.30/src/c/logger.c:2819:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf( header, 16, TEXT("wrapper") );
data/service-wrapper-java-3.5.30/src/c/logger.c:2822:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf( header, 16, TEXT("wrapper") );
data/service-wrapper-java-3.5.30/src/c/logger.c:2827:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf( header, 16, TEXT("wrapperp") );
data/service-wrapper-java-3.5.30/src/c/logger.c:2831:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf( header, 16, TEXT("jvm %d"), source_id );
data/service-wrapper-java-3.5.30/src/c/logger.c:3042:19: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
while ((cnt = _vsntprintf(vWriteToConsoleBuffer, vWriteToConsoleBufferSize - 1, lpszFmt, vargs)) < 0) {
data/service-wrapper-java-3.5.30/src/c/logger.c:3275:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(rollNum, 11, TEXT("%d"), i);
data/service-wrapper-java-3.5.30/src/c/logger.c:3288:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(rollNum, 11, TEXT("%d"), i - 1);
data/service-wrapper-java-3.5.30/src/c/logger.c:3737:13: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
count = _vsntprintf(buffer, QUEUED_BUFFER_SIZE_USABLE, lpszFmt, vargs);
data/service-wrapper-java-3.5.30/src/c/logger.c:3752:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, QUEUED_BUFFER_SIZE, TEXT("(Message too long to be logged as a queued message. Please report this.)"));
data/service-wrapper-java-3.5.30/src/c/logger_file.c:330:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(files[cnt], _tcslen(dirPart) + _tcslen(fblock.name) + 1, TEXT("%s%s"), dirPart, fblock.name);
data/service-wrapper-java-3.5.30/src/c/logger_file.c:387:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(files[cnt], _tcslen(dirPart) + _tcslen(fblock.name) + 1, TEXT("%s%s"), dirPart, fblock.name);
data/service-wrapper-java-3.5.30/src/c/loggerjni.c:64:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("Failed to format system error message (Error: %d) (Original Error: 0x%x)"), GetLastError(), errorNum);
data/service-wrapper-java-3.5.30/src/c/loggerjni.c:66:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("System error message is too large to convert (Required size: %d) (Original Error: 0x%x)"), dwRet, errorNum);
data/service-wrapper-java-3.5.30/src/c/loggerjni.c:69:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("%s (0x%x)"), lpszTemp, errorNum);
data/service-wrapper-java-3.5.30/src/c/loggerjni.c:82:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("System error message could not be decoded (Error 0x%x)"), errorNum);
data/service-wrapper-java-3.5.30/src/c/loggerjni.c:84:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(lastErrorTextBufferW, LAST_ERROR_TEXT_BUFFER_SIZE, TEXT("System error message too large to convert (Require size: %d) (Original Error: 0x%x)"), req, errorNum);
data/service-wrapper-java-3.5.30/src/c/property.c:209:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(generateValueBuffer, 256, TEXT("%04d%02d%02d%02d%02d%02d"),
data/service-wrapper-java-3.5.30/src/c/property.c:213:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(generateValueBuffer, 256, TEXT("%04d%02d%02d_%02d%02d%02d"),
data/service-wrapper-java-3.5.30/src/c/property.c:217:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(generateValueBuffer, 256, TEXT("%04d%02d%02d%02d%02d"),
data/service-wrapper-java-3.5.30/src/c/property.c:221:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(generateValueBuffer, 256, TEXT("%04d%02d%02d%02d"),
data/service-wrapper-java-3.5.30/src/c/property.c:225:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(generateValueBuffer, 256, TEXT("%04d%02d%02d"),
data/service-wrapper-java-3.5.30/src/c/property.c:228:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(generateValueBuffer, 256, TEXT("{INVALID}"));
data/service-wrapper-java-3.5.30/src/c/property.c:241:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(generateValueBuffer, 256, TEXT("%01d"), rand() % 10);
data/service-wrapper-java-3.5.30/src/c/property.c:243:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(generateValueBuffer, 256, TEXT("%02d"), rand() % 100);
data/service-wrapper-java-3.5.30/src/c/property.c:245:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(generateValueBuffer, 256, TEXT("%03d"), rand() % 1000);
data/service-wrapper-java-3.5.30/src/c/property.c:247:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(generateValueBuffer, 256, TEXT("%04d"), rand() % 10000);
data/service-wrapper-java-3.5.30/src/c/property.c:249:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(generateValueBuffer, 256, TEXT("%04d%01d"), rand() % 10000, rand() % 10);
data/service-wrapper-java-3.5.30/src/c/property.c:251:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(generateValueBuffer, 256, TEXT("%04d%02d"), rand() % 10000, rand() % 100);
data/service-wrapper-java-3.5.30/src/c/property.c:253:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(generateValueBuffer, 256, TEXT("{INVALID}"));
data/service-wrapper-java-3.5.30/src/c/property.c:727:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(envBuf, len, TEXT("%s="), name);
data/service-wrapper-java-3.5.30/src/c/property.c:743:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(envBuf, len, TEXT("%s="), name);
data/service-wrapper-java-3.5.30/src/c/property.c:778:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(envBuf, len, TEXT("%s=%s"), name, value);
data/service-wrapper-java-3.5.30/src/c/property.c:795:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(envBuf, len, TEXT("%s=%s"), name, value);
data/service-wrapper-java-3.5.30/src/c/property.c:861:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(nameCopy, len, TEXT("%s"), name);
data/service-wrapper-java-3.5.30/src/c/property.c:1655:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, 16, TEXT("%d"), defaultValue);
data/service-wrapper-java-3.5.30/src/c/test_filter.c:51:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tsFLTR_workBuffer, TSFLTR_WORK_BUFFER_LEN, TEXT("wrapperGetMinimumTextLengthForPattern(\"%s\") returned %d rather than expected %d."), pattern, minLen, expectedMinLen);
data/service-wrapper-java-3.5.30/src/c/test_filter.c:55:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tsFLTR_workBuffer, TSFLTR_WORK_BUFFER_LEN, TEXT("wrapperGetMinimumTextLengthForPattern(\"%s\") returned %d."), pattern, minLen);
data/service-wrapper-java-3.5.30/src/c/test_filter.c:61:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tsFLTR_workBuffer, TSFLTR_WORK_BUFFER_LEN, TEXT("wrapperWildcardMatch(\"%s\", \"%s\", %d) returned %s rather than expected %s."),
data/service-wrapper-java-3.5.30/src/c/test_filter.c:66:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tsFLTR_workBuffer, TSFLTR_WORK_BUFFER_LEN, TEXT("wrapperWildcardMatch(\"%s\", \"%s\", %d) returned %s."),
data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:95:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tailStr, 32, TEXT("-%d"), tail);
data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:194:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tsHASH_workBuffer, TSHASH_WORK_BUFFER_LEN, TEXT("hashMapGetKWVW(map, \"%s\") returned \"%s\" rather than expected \"%s\"."), keys[i], value, values[i]);
data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:198:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tsHASH_workBuffer, TSHASH_WORK_BUFFER_LEN, TEXT("hashMapGetKWVW(map, \"%s\") returned \"%s\" as expected."), keys[i], value);
data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:202:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tsHASH_workBuffer, TSHASH_WORK_BUFFER_LEN, TEXT("hashMapGetKWVW(map, \"%s\") returned NULL rather than expected \"%s\"."), keys[i], values[i]);
data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:211:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tsHASH_workBuffer, TSHASH_WORK_BUFFER_LEN, TEXT("hashMapGetKWVW(map, \"$\") returned \"%s\" rather than expected NULL."), value);
data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:215:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tsHASH_workBuffer, TSHASH_WORK_BUFFER_LEN, TEXT("hashMapGetKWVW(map, \"$\") returned NULL as expected."));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:277:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(confDirTemp, 2, TEXT("%c"), pathSep);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:336:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_LANG=en"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:339:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_LANG=%.2s"), langTemp);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:341:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_LANG=%.2S"), langTemp);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:351:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_PID=%d"), wrapperData->wrapperPID);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:354:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_BITS=%s"), wrapperBits);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:357:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_ARCH=%s"), wrapperArch);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:360:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_OS=%s"), wrapperOS);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:363:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_HOSTNAME=%s"), wrapperData->hostName);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:366:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferLen, TEXT("set.WRAPPER_HOST_NAME=%s"), wrapperData->hostName);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:458:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(pair, len + 1, TEXT("%s"), sourcePair);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:905:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(wrapperData->configFile, PATH_MAX + 1, TEXT("%s"), wrapperData->argConfFile);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1162:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(pipeName, pipeNameLen, TEXT("\\\\.\\pipe\\wrapper-%d-%d-out"), wrapperData->wrapperPID, wrapperData->jvmRestarts + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1174:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(pipeName, pipeNameLen, TEXT("/tmp/wrapper-%d-%d-out"), wrapperData->wrapperPID, wrapperData->jvmRestarts + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1187:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(pipeName, pipeNameLen, TEXT("\\\\.\\pipe\\wrapper-%d-%d-in"), wrapperData->wrapperPID, wrapperData->jvmRestarts + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1199:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(pipeName, pipeNameLen, TEXT("/tmp/wrapper-%d-%d-in"), wrapperData->wrapperPID, wrapperData->jvmRestarts + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1640:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(pipeName, pipeNameLen, TEXT("/tmp/wrapper-%d-%d-out"), wrapperData->wrapperPID, wrapperData->jvmRestarts);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1648:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(pipeName, pipeNameLen, TEXT("/tmp/wrapper-%d-%d-in"), wrapperData->wrapperPID, wrapperData->jvmRestarts);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1867:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(pipeName, pipeNameLen, TEXT("/tmp/wrapper-%d-%d-in"), wrapperData->wrapperPID, wrapperData->jvmRestarts);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1869:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(pipeName, pipeNameLen, TEXT("/tmp/wrapper-%d-%d-out"), wrapperData->wrapperPID, wrapperData->jvmRestarts);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2030:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(unknownBuffer, 14, TEXT("UNKNOWN(%d)"), code);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2197:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(logMsgW, len, messageTemplate, (messageMB ? strlen(messageMB) : 0));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2808:20: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return _sntprintf( *pBuffer, printSize, TEXT("%*d"), jPidSize, wrapperData->javaPID);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2810:20: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return _sntprintf( *pBuffer, printSize, TEXT("-----"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2815:16: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return _sntprintf( *pBuffer, printSize, TEXT("%*d"), wPidSize, wrapperData->wrapperPID);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3263:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, len, banner, product, wrapperBits, wrapperVersionRoot, copyright);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3430:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(wrapperData->argConfFile, _tcslen(argConfFileBase) + 5 + 1, TEXT("%s.conf"), argConfFileBase);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3466:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(wrapperData->argConfFile, _tcslen(argConfFileBase) + 5 + 1, TEXT("%s.conf"), argConfFileBase);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3509:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(propertyName, 32, TEXT("wrapper.filter.action.%d"), actionPropertyIndex);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3512:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(propertyName, 32, TEXT("wrapper.ping.timeout.action"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3515:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(propertyName, 32, TEXT(""));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3728:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(&(tempCommand[index]), commandLen2 + 1 - index, TEXT("FILL-%d-"), fillerLen);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4149:17: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(TEXT("Log: [%S]\n"), wrapperChildWorkBuffer + loggedOffset);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4151:17: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(TEXT("Log: [%s]\n"), wrapperChildWorkBuffer + loggedOffset);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4183:21: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(TEXT("Defer Log: [%S]\n"), wrapperChildWorkBuffer + loggedOffset);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4185:21: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(TEXT("Defer Log: [%s]\n"), wrapperChildWorkBuffer + loggedOffset);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4202:21: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(TEXT("Log: [%S]\n"), wrapperChildWorkBuffer + loggedOffset);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4204:21: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(TEXT("Log: [%s]\n"), wrapperChildWorkBuffer + loggedOffset);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4733:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buf, 80, TEXT(" (build %d)"), osvi.dwBuildNumber);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5173:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(msgBuffer, 10, TEXT("%d"), actionSourceCode);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5232:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(msgBuffer, 10, TEXT("%d"), actionSourceCode);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5247:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(msgBuffer, 10, TEXT("%d"), actionSourceCode);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5751:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(cpPath, 512, TEXT("%s"), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5759:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(cpPath, 512, TEXT("%s.exe"), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5776:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], _tcslen(cpPath) + 2 + 1, TEXT("\"%s\""), cpPath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5778:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], _tcslen(cpPath) + 2 + 1, TEXT("%s"), cpPath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5787:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("\"%s\""), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5789:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("%s"), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5805:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("\"%s\""), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5807:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("%s"), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5880:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(paramBuffer2, 128, TEXT("wrapper.java.additional.%lu.stripquotes"), propertyIndices[i]);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5920:29: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], _tcslen(propStripped) + 1, TEXT("%s"), propStripped);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6123:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(prop, 256, TEXT("%s.stripquotes"), parameterName);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6206:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=\"%s%c%s\\\""), prop, wrapperClasspathSeparator, systemPath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6208:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=\"%s%c%s\""), prop, wrapperClasspathSeparator, systemPath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6211:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=%s%c%s"), prop, wrapperClasspathSeparator, systemPath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6221:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 22 + _tcslen(prop) + 1 + 1, TEXT("-Djava.library.path=\"%s\\\""), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6223:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 22 + _tcslen(prop) + 1 + 1, TEXT("-Djava.library.path=\"%s\""), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6226:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 22 + _tcslen(prop) + 1 + 1, TEXT("-Djava.library.path=%s"), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6249:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(&(strings[index][cpLen]), cpLenAlloc - cpLen, TEXT("-Djava.library.path="));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6254:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(&(strings[index][cpLen]), cpLenAlloc - cpLen, TEXT("\""));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6291:29: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], cpLenAlloc, TEXT("%s"), tmpString);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6299:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(&(strings[index][cpLen]), cpLenAlloc - cpLen, TEXT("%s"), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6325:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], cpLenAlloc, TEXT("%s"), tmpString);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6333:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(&(strings[index][cpLen]), cpLenAlloc - cpLen, TEXT("%s"), systemPath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6341:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(&(strings[index][cpLen]), cpLenAlloc - cpLen, TEXT("./"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6350:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(&(strings[index][cpLen]), cpLenAlloc - cpLen, TEXT("\\"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6353:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(&(strings[index][cpLen]), cpLenAlloc - cpLen, TEXT("\""));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6472:29: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(*classpath, cpLenAlloc, TEXT("%s"), tmpString);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6481:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(&((*classpath)[cpLen]), cpLenAlloc - cpLen, TEXT("%s"), files[cnt]);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6542:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(*classpath, cpLenAlloc, TEXT("%s"), tmpString);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6551:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(&((*classpath)[cpLen]), cpLenAlloc - cpLen, TEXT("%s"), propStripped);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6568:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(&(*classpath[cpLen]), cpLenAlloc - cpLen, TEXT("./"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6592:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 10 + 1, TEXT("-classpath"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6607:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(&(strings[index][cpLen]), len + 4 - cpLen, TEXT("\""));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6611:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(&(strings[index][cpLen]), len + 4 - cpLen, TEXT("%s"), classpath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6620:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(&(strings[index][cpLen]), len + 4 - cpLen, TEXT("\\"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6623:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(&(strings[index][cpLen]), len + 4 - cpLen, TEXT("\""));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6670:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(paramBuffer2, 128, TEXT("wrapper.app.parameter.%lu.stripquotes"), propertyIndices[i]);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6710:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], _tcslen(propStripped) + 1, TEXT("%s"), propStripped);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6747:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], _tcslen(wrapperData->javaArgValues[i]) + 1, TEXT("%s"), wrapperData->javaArgValues[i]);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6812:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 5, TEXT("-d%s"), wrapperBits);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6838:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 5 + 10 + 1, TEXT("-Xms%dm"), initMemory);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6856:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 5 + 10 + 1, TEXT("-Xmx%dm"), maxMemory);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6881:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 16 + _tcslen(wrapperData->key) + 1, TEXT("-Dwrapper.key=\"%s\""), wrapperData->key);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6883:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 16 + _tcslen(wrapperData->key) + 1, TEXT("-Dwrapper.key=%s"), wrapperData->key);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6896:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 22 + 1, TEXT("-Dwrapper.backend=pipe"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6909:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 29 + 1, TEXT("-Dwrapper.backend=socket_ipv6"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6920:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 35 + 1, TEXT("-Djava.net.preferIPv6Addresses=TRUE"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6932:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 15 + 5 + 1, TEXT("-Dwrapper.port=%d"), (int)wrapperData->actualPort);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6946:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], _tcslen(TEXT("-Dwrapper.port.address=")) + _tcslen(wrapperData->portAddress) + 1, TEXT("-Dwrapper.port.address=%s"), wrapperData->portAddress);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6958:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 19 + 5 + 1, TEXT("-Dwrapper.jvm.port=%d"), wrapperData->jvmPort);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6969:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 23 + 5 + 1, TEXT("-Dwrapper.jvm.port.min=%d"), wrapperData->jvmPortMin);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6979:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 23 + 5 + 1, TEXT("-Dwrapper.jvm.port.max=%d"), wrapperData->jvmPortMax);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6992:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 22 + 1, TEXT("-Dwrapper.debug=\"TRUE\""));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6994:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 22 + 1, TEXT("-Dwrapper.debug=TRUE"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7015:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 38 + 1, TEXT("-Dwrapper.disable_console_input=\"TRUE\""));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7017:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 38 + 1, TEXT("-Dwrapper.disable_console_input=TRUE"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7032:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 38 + 1, TEXT("-Dwrapper.listener.force_stop=\"TRUE\""));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7034:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 38 + 1, TEXT("-Dwrapper.listener.force_stop=TRUE"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7048:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 24 + 1, TEXT("-Dwrapper.pid=%ld"), wrapperData->wrapperPID);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7050:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 24 + 1, TEXT("-Dwrapper.pid=%d"), wrapperData->wrapperPID);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7064:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 32 + 1, TEXT("-Dwrapper.use_system_time=\"TRUE\""));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7066:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 32 + 1, TEXT("-Dwrapper.use_system_time=TRUE"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7081:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 43 + 1, TEXT("-Dwrapper.timer_fast_threshold=\"%d\""), wrapperData->timerFastThreshold * WRAPPER_TICK_MS / 1000);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7083:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 43 + 1, TEXT("-Dwrapper.timer_fast_threshold=%d"), wrapperData->timerFastThreshold * WRAPPER_TICK_MS / 1000);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7096:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 43 + 1, TEXT("-Dwrapper.timer_slow_threshold=\"%d\""), wrapperData->timerSlowThreshold * WRAPPER_TICK_MS / 1000);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7098:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 43 + 1, TEXT("-Dwrapper.timer_slow_threshold=%d"), wrapperData->timerSlowThreshold * WRAPPER_TICK_MS / 1000);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7114:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 20 + _tcslen(wrapperVersion) + 1, TEXT("-Dwrapper.version=\"%s\""), wrapperVersion);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7116:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 20 + _tcslen(wrapperVersion) + 1, TEXT("-Dwrapper.version=%s"), wrapperVersion);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7129:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 27 + _tcslen(wrapperData->nativeLibrary) + 1, TEXT("-Dwrapper.native_library=\"%s\""), wrapperData->nativeLibrary);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7131:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 27 + _tcslen(wrapperData->nativeLibrary) + 1, TEXT("-Dwrapper.native_library=%s"), wrapperData->nativeLibrary);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7144:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 17 + _tcslen(wrapperArch) + 1, TEXT("-Dwrapper.arch=\"%s\""), wrapperArch);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7146:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 17 + _tcslen(wrapperArch) + 1, TEXT("-Dwrapper.arch=%s"), wrapperArch);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7160:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 31 + 1, TEXT("-Dwrapper.ignore_signals=\"TRUE\""));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7162:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 31 + 1, TEXT("-Dwrapper.ignore_signals=TRUE"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7177:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 24 + 1, TEXT("-Dwrapper.service=\"TRUE\""));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7179:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 24 + 1, TEXT("-Dwrapper.service=TRUE"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7194:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 30 + 1, TEXT("-Dwrapper.disable_tests=\"TRUE\""));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7196:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 30 + 1, TEXT("-Dwrapper.disable_tests=TRUE"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7211:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 38 + 1, TEXT("-Dwrapper.disable_shutdown_hook=\"TRUE\""));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7213:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 38 + 1, TEXT("-Dwrapper.disable_shutdown_hook=TRUE"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7228:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 24 + 20 + 1, TEXT("-Dwrapper.cpu.timeout=\"%d\""), wrapperData->cpuTimeout);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7230:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 24 + 20 + 1, TEXT("-Dwrapper.cpu.timeout=%d"), wrapperData->cpuTimeout);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7243:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.outfile=\"%s\""), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7245:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.outfile=%s"), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7259:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.errfile=\"%s\""), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7261:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.errfile=%s"), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7274:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 16 + 5 + 1, TEXT("-Dwrapper.jvmid=%d"), (wrapperData->jvmRestarts + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7288:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 30 + 1, TEXT("-Dwrapper.detachStarted=\"TRUE\""));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7290:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], 30 + 1, TEXT("-Dwrapper.detachStarted=TRUE"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7309:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strings[index], _tcslen(prop) + 1, TEXT("%s"), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:8162:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(propName, 256, TEXT("wrapper.filter.action.%lu"), propertyIndices[i]);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:8167:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(propName, 256, TEXT("wrapper.filter.message.%lu"), propertyIndices[i]);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:8172:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(propName, 256, TEXT("wrapper.filter.allow_wildcards.%lu"), propertyIndices[i]);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:8606:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(propName, 256, TEXT("wrapper.console.title.%s"), wrapperOS);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9034:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, 11, TEXT("%d"), getLowLogLevel());
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:89:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(*outputBufferW, errorTemplateLen, TEXT("%s"), errorTemplate);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:99:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(*outputBufferW, errorTemplateLen, errorTemplate, GetLastError());
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:175:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(*outputBufferW, errorTemplateLen, errorTemplate, multiByteEncoding, interumEncoding);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:185:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(*outputBufferW, errorTemplateLen, errorTemplate, errno);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:243:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(*outputBufferW, errorTemplateLen, errorTemplate);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:255:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(*outputBufferW, errorTemplateLen, errorTemplate);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:273:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(*outputBufferW, errorTemplateLen, errorTemplate, errno);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:289:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(*outputBufferW, errorTemplateLen, errorTemplate, errno);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:316:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(*outputBufferW, errorTemplateLen, errorTemplate, errno);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:492:13: [4] (format) vwprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
i = vwprintf(msg, args);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:502:5: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int _ftprintf(FILE *stream, const wchar_t *fmt, ...) {
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:525:13: [4] (format) vfwprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
i = vfwprintf(stream, msg, args);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:535:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int _sntprintf(TCHAR *str, size_t size, const TCHAR *fmt, ...) {
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:558:13: [4] (format) vswprintf:
Potential format string problem (CWE-134). Make format string constant.
i = vswprintf(str, size, msg, args);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:820:17: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
i = execvp(cArg, cCmd);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:856:5: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int _vsntprintf(wchar_t *ws, size_t n, const wchar_t *format, va_list arg) {
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:861:12: [4] (format) vswprintf:
Potential format string problem (CWE-134). Make format string constant.
return vswprintf(ws, n, format, arg);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:22:11: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#ifdef _sntprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:23:12: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#undef _sntprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:167:12: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern int _vsntprintf(wchar_t *ws, size_t n, const wchar_t *format, va_list arg);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:169:9: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _vsntprintf vswprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:169:23: [4] (buffer) vswprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _vsntprintf vswprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:184:9: [4] (buffer) _ftscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define _ftscanf fwscanf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:184:23: [4] (buffer) fwscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define _ftscanf fwscanf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:219:9: [4] (buffer) _tscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define _tscanf wscanf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:219:23: [4] (buffer) wscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define _tscanf wscanf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:221:12: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern int _sntprintf(TCHAR *str, size_t size, const TCHAR *format, ...);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:222:9: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _stprintf _sntprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:222:23: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _stprintf _sntprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:223:12: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
extern int _ftprintf(FILE *stream, const wchar_t *format, ...);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:225:9: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
#define _tcscat wcscat
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:225:23: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
#define _tcscat wcscat
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:229:9: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
#define _tcscpy wcscpy
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:229:23: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
#define _tcscpy wcscpy
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:255:9: [4] (format) _vftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _vftprintf vfwprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:255:23: [4] (format) vfwprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _vftprintf vfwprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:256:9: [4] (format) _vtprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _vtprintf vwprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:256:23: [4] (format) vwprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _vtprintf vwprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:257:9: [4] (buffer) _vstprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _vstprintf vswprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:257:23: [4] (buffer) vswprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _vstprintf vswprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:281:23: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define _texecl execl
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:282:23: [4] (shell) execle:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define _texecle execle
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:283:23: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define _texeclp execlp
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:285:23: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define _texecv execv
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:287:23: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define _texecvp execvp
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:315:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _sntprintf _snprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:315:23: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _sntprintf _snprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:368:9: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _vsntprintf vsnprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:368:23: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _vsntprintf vsnprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:379:9: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _ftprintf fprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:379:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _ftprintf fprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:383:9: [4] (buffer) _ftscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define _ftscanf fscanf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:383:23: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define _ftscanf fscanf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:405:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _tprintf printf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:411:9: [4] (buffer) _tscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define _tscanf scanf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:411:23: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define _tscanf scanf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:413:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _sntprintf snprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:413:23: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _sntprintf snprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:414:23: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define _stscanf sscanf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:415:9: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
#define _tcscat strcat
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:415:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define _tcscat strcat
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:419:9: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
#define _tcscpy strcpy
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:419:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define _tcscpy strcpy
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:440:23: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define _tsystem system
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:445:9: [4] (format) _vftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _vftprintf vfprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:445:23: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _vftprintf vfprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:446:9: [4] (format) _vtprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _vtprintf vprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:446:23: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _vtprintf vprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:447:9: [4] (buffer) _vstprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _vstprintf vsprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:447:23: [4] (buffer) vsprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _vstprintf vsprintf
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:449:23: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
#define _tsyslog syslog
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:192:9: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(pid_fp, TEXT("%d\n"), (int)pid);
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:477:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(uName, MAX_USER_NAME_LENGTH + 1, TEXT("<unknown>"));
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:480:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(uName, MAX_USER_NAME_LENGTH + 1, TEXT("%s"), pw->pw_name);
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:770:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(TEXT("Waiting for javaIO thread to stop.\n"));
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:922:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(TEXT("Waiting for timer thread to stop.\n"));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:325:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(mutexName, 30 + _tcslen(wrapperData->serviceName) + 1, TEXT("Global\\Java Service Wrapper - %s"), wrapperData->serviceName);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:445:9: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(pid_fp, TEXT("%d\n"), pid);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:640:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(wrapperData->jvmVersionCommand, commandLen, TEXT("%s -version"), strings[0]);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:664:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(wrapperData->jvmCommand + commandLen, commandLen2 - commandLen, TEXT("%s"), strings[i]);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:758:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(hexPosi, 9, TEXT("%04x%04x"), workarea.bottom, workarea.right);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1035:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(TEXT("Waiting for %s thread to stop.\n"), TEXT("Startup"));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1133:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(TEXT("Waiting for %s thread to stop.\n"), TEXT("JavaIO"));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1269:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(TEXT("Waiting for timer thread to stop.\n"));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1481:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(titleBuffer, 80, TEXT("Wrapper Console Id %d-%d (Do not close)"), wrapperData->wrapperPID, rand());
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1996:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(titleBuffer, 80, TEXT("Wrapper Controlled JVM Console Id %d-%d (Do not close)"), wrapperData->wrapperPID, rand());
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:2717:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, 11, TEXT("%d"), ctrlCodeLast);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4067:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(domain, dsize, TEXT("%s"), wrapperData->domainName);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4079:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(account, dsize, TEXT("%s"), wrapperData->userName);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4090:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(tempAccount, _tcslen(domain) + _tcslen(account) + 2, TEXT("%s\\%s"), domain, account);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4160:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(regPath, 1024, TEXT("SYSTEM\\CurrentControlSet\\Services\\%s"), wrapperData->serviceName);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4312:29: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(newVal, _tcslen(oldVal) + 1 + _tcslen(value) + 1, TEXT("%s;%s"), oldVal, value);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5820:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(exName, 64, TEXT("Unknown Exception (%ld)"), exCode);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5856:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(curDir, MAX_PATH, TEXT("."));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5861:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(dumpFile, MAX_PATH, TEXT("wrapper-%s-%s-%s-%s-%04d%02d%02d%02d%02d%02d-%ld-%ld.dmp"),
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5904:9: [4] (buffer) lstrcpyW:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
lstrcpyW(outputString, inputString);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6120:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(serialNr + (n * 3) , serialNrLength - (n * 3), TEXT("%02x "), pCertContext->pCertInfo->SerialNumber.pbData[dwData - (n + 1)]);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6187:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Serial Number: "));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6188:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n %s\n"), serialNr);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6189:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Issuer Name: %s"), szName1);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6191:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Subject Name: %s"), szName2);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6367:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Program Name : %s"),
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6372:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Publisher Link : %s"),
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6378:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" MoreInfo Link : %s"),
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6383:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Signer Certificate:"));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6384:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n%s\n"), string1);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6386:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" TimeStamp Certificate:"));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6387:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n%s\n"), string2);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6390:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Date of TimeStamp : %04d/%02d/%02d %02d:%02d"),
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7257:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strNamedPipeNameIn, len, TEXT("\\\\.\\pipe\\%sINN"), pipeBaseName);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7265:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strNamedPipeNameOut, len, TEXT("\\\\.\\pipe\\%sOUT"), pipeBaseName);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7274:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strNamedPipeNameErr, len, TEXT("\\\\.\\pipe\\%sERR"), pipeBaseName);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7300:25: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(stderr, TEXT("12345\n"));fflush(NULL);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7301:25: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(stderr, TEXT("1234567890\n"));fflush(NULL);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7302:25: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(stdout, TEXT("12345\n"));fflush(NULL);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7303:25: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(stdout, TEXT("1234567890\n"));fflush(NULL);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7350:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strNamedPipeNameIn, len, TEXT("\\\\.\\pipe\\%sINN"), namedPipeName);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7358:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strNamedPipeNameOut, len, TEXT("\\\\.\\pipe\\%sOUT"), namedPipeName);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7367:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strNamedPipeNameErr, len, TEXT("\\\\.\\pipe\\%sERR"), namedPipeName);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7502:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(strNamedPipeName, 11, TEXT("%05d%05d"), rand() % 100000, rand() % 100000);
data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:186:13: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(fp, TEXT("%s\n"), state);
data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:615:45: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, MAX_COMMAND_LENGTH, TEXT("%d"), getLowLogLevel());
data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:1066:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(onExitParamBuffer, 16 + 10 + 1, TEXT("wrapper.on_exit.%d"), wrapperData->exitCode);
data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:1127:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(onExitParamBuffer, 16 + 10 + 1, TEXT("wrapper.on_exit.%d"), wrapperData->exitCode);
data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:1556:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(protocolMessage, JSTATESTARTED_MESSAGE_MAXLEN, TEXT("ping %08x"), nowTicks);
data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:1563:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(protocolMessage, JSTATESTARTED_MESSAGE_MAXLEN, TEXT("silent %08x"), nowTicks);
data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:540:9: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(stderr, TEXT("WrapperJNI: Redirecting %s to file %s...\n"), TEXT("StdErr"), errfile); fflush(NULL);
data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:593:17: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
count = _vsntprintf(messageBuffer, messageBufferSize, lpszFmt, vargs);
data/service-wrapper-java-3.5.30/src/c/wrapperjni_unix.c:186:13: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(stderr, TEXT("WrapperJNI: Redirecting %s to /dev/null\n"), TEXT("StdErr")); fflush(NULL);
data/service-wrapper-java-3.5.30/src/c/wrapperjni_unix.c:188:17: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(stderr, TEXT("WrapperJNI: Failed to redirect %s to /dev/null (Err: %s)\n"), TEXT("StdErr"), getLastErrorText()); fflush(NULL);
data/service-wrapper-java-3.5.30/src/c/wrapperjni_unix.c:203:9: [4] (format) _ftprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
_ftprintf(stderr, TEXT("WrapperJNI: Failed to open /dev/null (Err: %s)\n"), getLastErrorText()); fflush(NULL);
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:172:5: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(explorerExe, 1024, TEXT("Explorer.exe"));
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:938:25: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, 512, TEXT("Unable to enumerate the system services: %s"),
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:949:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, 512, TEXT("Unable to enumerate the system services: %s"),
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:996:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, 512, TEXT("Unable to locate class org.tanukisoftware.wrapper.WrapperWin32Service"));
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1009:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, 512, TEXT("Unable to open the Windows service control manager database: %s"),
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1066:17: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, 512, TEXT("Illegal Control code specified: %d"), controlCode);
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1080:29: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferSize, TEXT("Unable to start service \"%s\": %s"), serviceName, getLastErrorText());
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1097:37: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferSize, TEXT("Unable to query status of service \"%s\": %s"), serviceName, getLastErrorText());
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1103:33: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferSize, TEXT("Unable to query status of service \"%s\": %s"), serviceName, getLastErrorText());
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1118:41: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferSize, TEXT("Unable to obtain the display name of service \"%s\": %s"), serviceName, getLastErrorText());
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1130:49: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferSize, TEXT("Unable to obtain the display name of service \"%s\": %s"), serviceName, getLastErrorText());
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1169:21: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferSize, TEXT("Unable to open the service '%s': %s"), serviceName, getLastErrorText());
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1179:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_sntprintf(buffer, bufferSize, TEXT("Unable to open the Windows service control manager database: %s"), getLastErrorText());
data/service-wrapper-java-3.5.30/src/c/testsuite.c:82:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2836:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7425:18: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
handle = LoadLibrary(TEXT("ntdll.dll"));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7568:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:658:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cVal = getenv(cName);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1130:21: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
returnVal = realpath(cFile, resolved);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:339:66: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
#define _trealpathN(fileName, resolvedName, resolvedNameSize) realpath(fileName, resolvedName)
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:386:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#define _tgetenv getenv
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:441:23: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
#define _ttmpnam tmpnam
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:210:21: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
if ((psapiMod = LoadLibrary(TEXT("PSAPI.DLL"))) == NULL) {
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:221:24: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
if ((advapi32Mod = LoadLibrary(TEXT("ADVAPI32.DLL"))) == NULL) {
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1413:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(nowMillis);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1861:9: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
if (CreateProcess(NULL,
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1861:9: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
if (CreateProcess(NULL,
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:2111:9: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ret=CreateProcess(NULL,
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:2111:9: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ret=CreateProcess(NULL,
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5802:26: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
HMODULE dbgHelpDll = LoadLibrary(TEXT("Dbghelp.dll"));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7495:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/service-wrapper-java-3.5.30/src/c/wrapperjni_unix.c:404:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("DISPLAY")) {
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1367:23: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
if ((scalingAPI = LoadLibrary(TEXT("Shcore.dll"))) == NULL) {
data/service-wrapper-java-3.5.30/src/c/logger.c:149:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR confLogFileStopDateStr[20];
data/service-wrapper-java-3.5.30/src/c/logger.c:174:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR logFileLastNowDate[9];
data/service-wrapper-java-3.5.30/src/c/logger.c:176:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR consoleFormat[32];
data/service-wrapper-java-3.5.30/src/c/logger.c:177:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR logfileFormat[32];
data/service-wrapper-java-3.5.30/src/c/logger.c:225:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR formatMessages[WRAPPER_THREAD_COUNT][QUEUED_BUFFER_SIZE];
data/service-wrapper-java-3.5.30/src/c/logger.c:230:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR queueMessages[WRAPPER_THREAD_COUNT][QUEUE_SIZE][QUEUED_BUFFER_SIZE];
data/service-wrapper-java-3.5.30/src/c/logger.c:1713:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR nowDate[9];
data/service-wrapper-java-3.5.30/src/c/logger.c:1719:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tempConfLogFileResumeDateStr[20];
data/service-wrapper-java-3.5.30/src/c/logger.c:2097:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR intBuffer[3];
data/service-wrapper-java-3.5.30/src/c/logger.c:2526:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR lastErrorTextBufferW[LAST_ERROR_TEXT_BUFFER_SIZE];
data/service-wrapper-java-3.5.30/src/c/logger.c:2638:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR bufferPath[_MAX_PATH];
data/service-wrapper-java-3.5.30/src/c/logger.c:2639:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR bufferKVal[_MAX_PATH];
data/service-wrapper-java-3.5.30/src/c/logger.c:2642:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR regPath[1024];
data/service-wrapper-java-3.5.30/src/c/logger.c:2695:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buffer[_MAX_PATH];
data/service-wrapper-java-3.5.30/src/c/logger.c:2697:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR regPath[1024];
data/service-wrapper-java-3.5.30/src/c/logger.c:2769:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR regPath[ 1024 ];
data/service-wrapper-java-3.5.30/src/c/logger.c:2787:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR header[16];
data/service-wrapper-java-3.5.30/src/c/logger.c:3241:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR rollNum[11];
data/service-wrapper-java-3.5.30/src/c/logger.c:3447:8: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static TCHAR distroDescription[100];
data/service-wrapper-java-3.5.30/src/c/logger.c:3523:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR versionW[10];
data/service-wrapper-java-3.5.30/src/c/loggerjni.c:34:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR lastErrorTextBufferW[LAST_ERROR_TEXT_BUFFER_SIZE];
data/service-wrapper-java-3.5.30/src/c/property.c:199:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR generateValueBuffer[256];
data/service-wrapper-java-3.5.30/src/c/property.c:538:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&loadPropertiesTM, nowTM, sizeof(struct tm));
data/service-wrapper-java-3.5.30/src/c/property.c:1316:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buffer[MAX_PROPERTY_NAME_VALUE_LENGTH];
data/service-wrapper-java-3.5.30/src/c/property.c:1475:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR indexS[11];
data/service-wrapper-java-3.5.30/src/c/property.c:1647:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buffer[16];
data/service-wrapper-java-3.5.30/src/c/test_filter.c:24:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tsFLTR_workBuffer[TSFLTR_WORK_BUFFER_LEN];
data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:25:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tsHASH_workBuffer[TSHASH_WORK_BUFFER_LEN];
data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:93:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tailStr[32];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:123:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char packetBufferMB[MAX_LOG_SIZE + 1];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:124:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR packetBufferW[MAX_LOG_SIZE + 1];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:182:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR temp[5];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1231:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(addr4.sin_addr), src, sizeof(addr4.sin_addr));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1239:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(addr6.sin6_addr), src, sizeof(addr6.sin6_addr));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1285:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &sockaddr_ipv4->sin_addr, sizeof(struct in_addr));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1290:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &sockaddr_ipv6->sin6_addr, sizeof(struct in6_addr));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1679:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char straddr[256] = {0};
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1733:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
req = MultiByteToWideChar(CP_OEMCP, 0, straddr, -1, NULL, 0);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1744:5: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_OEMCP, 0, straddr, -1, socketSource, req + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1917:12: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static TCHAR unknownBuffer[14];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2105:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buffer[16];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2469:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR cpBuffer[16];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2631:15: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
req = MultiByteToWideChar(cp, 0, packetBufferMB, -1, packetBufferW, MAX_LOG_SIZE + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3493:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR propertyName[32];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3689:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR commandLenBuffer[8];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3713:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(commandLenBuffer, pos1 + 24, sizeof(TCHAR) * commandLenLen);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3725:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempCommand, command, (pos1 - command) * sizeof(TCHAR));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3742:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(tempCommand[index]), pos2 + 1, sizeof(TCHAR) * _tcslen(pos2 + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3926:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buffer[16];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3935:12: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
size = MultiByteToWideChar(cp, 0, log, -1 , NULL, 0);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3947:5: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(cp, 0, log, -1, tlog, size + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4067:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempBuffer, wrapperChildWorkBuffer, wrapperChildWorkBufferLen);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4503:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buf[80];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4838:15: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
req = MultiByteToWideChar(CP_OEMCP, 0, tzname[0], -1, NULL, 0);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4849:13: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_OEMCP,0, tzname[0], -1, tz1, (int)req + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4850:19: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
req = MultiByteToWideChar(CP_OEMCP, 0, tzname[1], -1, NULL, 0);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4862:17: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_OEMCP,0, tzname[1], -1, tz2, (int)req + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5131:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR msgBuffer[10];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5185:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR msgBuffer[10];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5244:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR msgBuffer[10];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5451:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char head[5];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5513:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR pth[PATH_MAX + 1];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5515:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR resolvedPath[PATH_MAX + 1];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5706:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR cpPath[512];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5840:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR paramBuffer2[128];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5959:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR argExpanded[MAX_PROPERTY_VALUE_LENGTH];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5967:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argTerm, arg, sizeof(TCHAR) * argLen);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6109:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR prop[256];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6649:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR paramBuffer2[128];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7835:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostName[80];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7847:15: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
len = MultiByteToWideChar(CP_OEMCP, 0, hostName, -1, NULL, 0);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7859:9: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_OEMCP,0, hostName, -1, hostName2, len + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:8059:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR propName[256];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:8241:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR propName[256];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9018:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buffer[11];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9463:13: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *strings[1];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9470:13: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *strings[2];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9478:13: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *strings[2];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9486:13: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *strings[2];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9495:17: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *strings[1];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9503:13: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *strings[2];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9515:13: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *strings[2];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9523:13: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *strings[2];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9531:13: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *strings[2];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9539:13: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *strings[2];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9549:13: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *strings[2];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9557:13: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *strings[2];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9565:13: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *strings[2];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:9573:13: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *strings[2];
data/service-wrapper-java-3.5.30/src/c/wrapper.h:277:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR key[17]; /* Key which the JVM uses to authorize connections. (16 digits + \0) */
data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:71:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR drive[4];
data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufferMB[MAX_PROPERTY_NAME_VALUE_LENGTH];
data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:114:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR expBuffer[MAX_PROPERTY_NAME_VALUE_LENGTH];
data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:44:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
cA = ((unsigned char *)vA)[i];
data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:45:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
cB = ((unsigned char *)vB)[i];
data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:208:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keyCopy, key, keySize);
data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:215:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(valueCopy, value, valueSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char iconvLibNameMB[128];
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:54:8: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static TCHAR iconvLibNameW[128];
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:82:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
req = MultiByteToWideChar(encoding, MB_ERR_INVALID_CHARS, multiByteChars, -1, NULL, 0);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:113:5: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(encoding, MB_ERR_INVALID_CHARS, multiByteChars, -1, *outputBufferW, req + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:703:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(cFile, cMode);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:994:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
r = open(cPath, oflag, mode);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resolved[FILENAME_MAX + 1];
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resolved[PATH_MAX + 1];
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:64:23: [2] (integer) _wtoi64:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _tstoi64 _wtoi64
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:65:23: [2] (integer) _wtoi64:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _ttoi64 _wtoi64
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:173:23: [2] (integer) _wtoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _tstoi _wtoi
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:306:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define _topen open
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:371:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _tstoi atoi
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:372:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _ttoi atoi
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:373:23: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _tstol atol
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:374:23: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _ttol atol
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:378:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define _tfopen fopen
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:438:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR uName[MAX_USER_NAME_LENGTH + 1];
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1218:13: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *javaVersionArgv[3];
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:98:8: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static TCHAR *systemPath[SYSTEM_PATH_MAX_LEN];
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:275:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(systemPath[i], lc, sizeof(TCHAR) * len);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:691:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR hexPosi[9];
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1392:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR titleBuffer[80];
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1932:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szPath[_MAX_PATH];
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1935:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR titleBuffer[80];
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:2628:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buffer[11];
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3433:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR drive[4];
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4025:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR regPath[ 1024 ];
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4026:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR domain[ 1024 ];
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4027:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR account[ 1024 ];
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4519:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR subKey[512]; /* Registry subkey that jvm creates when is installed */
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4521:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR jreversion[10]; /* Will receive a registry value that has jvm version */
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4725:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR wrapperFullPath[FILEPATHSIZE] = TEXT("");
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4726:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR logFileFullPath[FILEPATHSIZE] = TEXT("");
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4727:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR defaultLogFileFullPath[FILEPATHSIZE] = TEXT("");
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5794:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR curDir[MAX_PATH];
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5795:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR dumpFile[MAX_PATH];
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6436:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR pwszSourceFile[_MAX_PATH];
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7092:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR inbuf[1024], outbuf[512], errbuf[512], *secret;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7486:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szPath[_MAX_PATH];
data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:454:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buffer[MAX_COMMAND_LENGTH];
data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:954:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR onExitParamBuffer[16 + 10 + 1];
data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:1514:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR protocolMessage[JSTATESTARTED_MESSAGE_MAXLEN];
data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:309:12: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
size = MultiByteToWideChar(CP_OEMCP, 0, result, -1, NULL, 0);
data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:316:5: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_OEMCP, 0, result,-1, tresult, size);
data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:394:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(utf8Chars, stringChars, jlen);
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:168:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR explorerExe[1024];
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:247:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR userKeyName[MAX_PATH];
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:607:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szPath[_MAX_PATH];
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:906:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buffer[512];
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1027:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buffer[2048];
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char localAddr[128];
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remoteAddr[128];
data/service-wrapper-java-3.5.30/src/c/logger.c:348:21: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t oldLen = _tcslen(oldToken);
data/service-wrapper-java-3.5.30/src/c/logger.c:354:18: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newLen = _tcslen(newToken);
data/service-wrapper-java-3.5.30/src/c/logger.c:368:17: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(out, newToken, newLen);
data/service-wrapper-java-3.5.30/src/c/logger.c:671:18: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = _tcslen(log_file_path);
data/service-wrapper-java-3.5.30/src/c/logger.c:692:5: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(logFilePath, log_file_path, len + 1);
data/service-wrapper-java-3.5.30/src/c/logger.c:757:43: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
logFileCopy = malloc(sizeof(TCHAR) * (_tcslen(currentLogFileName) + 1));
data/service-wrapper-java-3.5.30/src/c/logger.c:761:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(logFileCopy, currentLogFileName, _tcslen(currentLogFileName) + 1);
data/service-wrapper-java-3.5.30/src/c/logger.c:761:51: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(logFileCopy, currentLogFileName, _tcslen(currentLogFileName) + 1);
data/service-wrapper-java-3.5.30/src/c/logger.c:789:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(logFilePath) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:795:5: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(logFileDir, logFilePath, len);
data/service-wrapper-java-3.5.30/src/c/logger.c:806:15: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(logFileDir) + 23 + 1 + 1000;
data/service-wrapper-java-3.5.30/src/c/logger.c:874:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(ms * 1000); /* microseconds */
data/service-wrapper-java-3.5.30/src/c/logger.c:933:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy( logfileFormat, log_file_format, 32 );
data/service-wrapper-java-3.5.30/src/c/logger.c:961:51: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpFileSizeBuff = malloc(sizeof(TCHAR) * (_tcslen( max_file_size ) + 1));
data/service-wrapper-java-3.5.30/src/c/logger.c:970:30: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i = 0; i < (int)_tcslen(max_file_size); i++ ) {
data/service-wrapper-java-3.5.30/src/c/logger.c:1022:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(pattern);
data/service-wrapper-java-3.5.30/src/c/logger.c:1029:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(logFilePurgePattern, pattern, len + 1);
data/service-wrapper-java-3.5.30/src/c/logger.c:1165:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy( consoleFormat, console_log_format, 32 );
data/service-wrapper-java-3.5.30/src/c/logger.c:1258:33: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = sizeof(TCHAR) * (_tcslen(event_source_name) + 1);
data/service-wrapper-java-3.5.30/src/c/logger.c:1273:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(loginfoSourceName, event_source_name, _tcslen(event_source_name) + 1);
data/service-wrapper-java-3.5.30/src/c/logger.c:1273:56: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(loginfoSourceName, event_source_name, _tcslen(event_source_name) + 1);
data/service-wrapper-java-3.5.30/src/c/logger.c:1274:13: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcslen(loginfoSourceName) > 32) {
data/service-wrapper-java-3.5.30/src/c/logger.c:1279:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(loginfoSourceName) > 32) {
data/service-wrapper-java-3.5.30/src/c/logger.c:1350:42: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i = 0, numColumns = 0; i < (int)_tcslen( format ); i++ ) {
data/service-wrapper-java-3.5.30/src/c/logger.c:1408:25: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*reqSize += _tcslen( message ) + 3;
data/service-wrapper-java-3.5.30/src/c/logger.c:1457:64: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i = 0, currentColumn = 0, len = 0, temp = 0; i < (int)_tcslen( format ); i++ ) {
data/service-wrapper-java-3.5.30/src/c/logger.c:1622:5: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(buffer, template, _tcslen(logFilePath) + 11);
data/service-wrapper-java-3.5.30/src/c/logger.c:1622:32: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(buffer, template, _tcslen(logFilePath) + 11);
data/service-wrapper-java-3.5.30/src/c/logger.c:1654:25: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferLen = _tcslen(buffer);
data/service-wrapper-java-3.5.30/src/c/logger.c:1726:25: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (logFilePath && (_tcslen(logFilePath) > 0)) {
data/service-wrapper-java-3.5.30/src/c/logger.c:1739:31: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
messageMBMaxLen = _tcslen(message) * sizeof(TCHAR);
data/service-wrapper-java-3.5.30/src/c/logger.c:1747:32: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reqSize -= _tcslen(message);
data/service-wrapper-java-3.5.30/src/c/logger.c:1748:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reqSize += strlen(messageMB);
data/service-wrapper-java-3.5.30/src/c/logger.c:1761:25: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_umask = umask( logFileUmask );
data/service-wrapper-java-3.5.30/src/c/logger.c:1782:33: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 - 2 - 2 + _tcslen(confLogFileName) + _tcslen(confLogFileStopDateStr) + _tcslen(tempConfLogFileResumeDateStr) + _tcslen(defaultLogFile) + _tcslen(syslogName) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:1782:81: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 - 2 - 2 + _tcslen(confLogFileName) + _tcslen(confLogFileStopDateStr) + _tcslen(tempConfLogFileResumeDateStr) + _tcslen(defaultLogFile) + _tcslen(syslogName) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:1782:108: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 - 2 - 2 + _tcslen(confLogFileName) + _tcslen(confLogFileStopDateStr) + _tcslen(tempConfLogFileResumeDateStr) + _tcslen(defaultLogFile) + _tcslen(syslogName) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:1782:142: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 - 2 - 2 + _tcslen(confLogFileName) + _tcslen(confLogFileStopDateStr) + _tcslen(tempConfLogFileResumeDateStr) + _tcslen(defaultLogFile) + _tcslen(syslogName) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:1782:182: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 - 2 - 2 + _tcslen(confLogFileName) + _tcslen(confLogFileStopDateStr) + _tcslen(tempConfLogFileResumeDateStr) + _tcslen(defaultLogFile) + _tcslen(syslogName) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:1782:208: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 - 2 - 2 + _tcslen(confLogFileName) + _tcslen(confLogFileStopDateStr) + _tcslen(tempConfLogFileResumeDateStr) + _tcslen(defaultLogFile) + _tcslen(syslogName) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:1806:13: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(old_umask);
data/service-wrapper-java-3.5.30/src/c/logger.c:1811:25: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_umask = umask( logFileUmask );
data/service-wrapper-java-3.5.30/src/c/logger.c:1846:29: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(confLogFileName, currentLogFileName, confLogFileNameSize);
data/service-wrapper-java-3.5.30/src/c/logger.c:1859:37: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 + _tcslen(currentLogFileName) + _tcslen(tempBufferLastErrorText) + _tcslen(defaultLogFile) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:1859:77: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 + _tcslen(currentLogFileName) + _tcslen(tempBufferLastErrorText) + _tcslen(defaultLogFile) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:1859:107: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 + _tcslen(currentLogFileName) + _tcslen(tempBufferLastErrorText) + _tcslen(defaultLogFile) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:1859:142: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 - 2 + _tcslen(currentLogFileName) + _tcslen(tempBufferLastErrorText) + _tcslen(defaultLogFile) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:1890:37: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 + _tcslen(currentLogFileName) + _tcslen(tempBufferLastErrorText) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:1890:73: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 + _tcslen(currentLogFileName) + _tcslen(tempBufferLastErrorText) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:1890:103: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempBufferLen = _tcslen(tempBufferFormat) - 2 - 2 + _tcslen(currentLogFileName) + _tcslen(tempBufferLastErrorText) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:1911:13: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(old_umask);
data/service-wrapper-java-3.5.30/src/c/logger.c:1925:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(logFileLastNowDate, nowDate, 9);
data/service-wrapper-java-3.5.30/src/c/logger.c:2106:63: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((_tcsstr(message, LOG_SPECIAL_MARKER) == message) && (_tcslen(message) >= _tcslen(LOG_SPECIAL_MARKER) + 10)) {
data/service-wrapper-java-3.5.30/src/c/logger.c:2106:83: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((_tcsstr(message, LOG_SPECIAL_MARKER) == message) && (_tcslen(message) >= _tcslen(LOG_SPECIAL_MARKER) + 10)) {
data/service-wrapper-java-3.5.30/src/c/logger.c:2111:35: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = (TCHAR *)(message + _tcslen(LOG_SPECIAL_MARKER) + 1);
data/service-wrapper-java-3.5.30/src/c/logger.c:2114:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(intBuffer, pos, 2);
data/service-wrapper-java-3.5.30/src/c/logger.c:2120:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(intBuffer, pos, 2);
data/service-wrapper-java-3.5.30/src/c/logger.c:2126:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(intBuffer, pos, 2);
data/service-wrapper-java-3.5.30/src/c/logger.c:2213:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reqSize = _tcslen(LOG_SPECIAL_MARKER) + 1 + 2 + 1 + 2 + 1 + 2 + 1 + _tcslen(message) - _tcslen(LOG_FORK_MARKER) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:2213:77: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reqSize = _tcslen(LOG_SPECIAL_MARKER) + 1 + 2 + 1 + 2 + 1 + 2 + 1 + _tcslen(message) - _tcslen(LOG_FORK_MARKER) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:2213:96: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reqSize = _tcslen(LOG_SPECIAL_MARKER) + 1 + 2 + 1 + 2 + 1 + 2 + 1 + _tcslen(message) - _tcslen(LOG_FORK_MARKER) + 1;
data/service-wrapper-java-3.5.30/src/c/logger.c:2217:130: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(printBuffer, reqSize, TEXT("%s|%02d|%02d|%02d|%s"), LOG_SPECIAL_MARKER, source_id, level, threadId, message + _tcslen(LOG_FORK_MARKER));
data/service-wrapper-java-3.5.30/src/c/logger.c:2357:41: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg = malloc(sizeof(wchar_t) * (wcslen(lpszFmt) + 1));
data/service-wrapper-java-3.5.30/src/c/logger.c:2360:17: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wcslen(lpszFmt) > 0) {
data/service-wrapper-java-3.5.30/src/c/logger.c:2361:33: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < _tcslen(lpszFmt); i++){
data/service-wrapper-java-3.5.30/src/c/logger.c:2363:60: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((lpszFmt[i] == TEXT('%')) && (i < _tcslen(lpszFmt)) && (lpszFmt[i + 1] == TEXT('s')) && ((i == 0) || (lpszFmt[i - 1] != TEXT('%')))){
data/service-wrapper-java-3.5.30/src/c/logger.c:2368:17: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg[wcslen(lpszFmt)] = TEXT('\0');
data/service-wrapper-java-3.5.30/src/c/logger.c:2476:47: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
logFileCopy = malloc(sizeof(TCHAR) * (_tcslen(currentLogFileName) + 1));
data/service-wrapper-java-3.5.30/src/c/logger.c:2480:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(logFileCopy, currentLogFileName, _tcslen(currentLogFileName) + 1);
data/service-wrapper-java-3.5.30/src/c/logger.c:2480:55: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(logFileCopy, currentLogFileName, _tcslen(currentLogFileName) + 1);
data/service-wrapper-java-3.5.30/src/c/logger.c:2723:137: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( RegSetValueEx( hKey, TEXT("EventMessageFile"), (DWORD) 0, (DWORD) REG_SZ, (LPBYTE) buffer, (DWORD)(sizeof(TCHAR) * (_tcslen(buffer) + 1))) != ERROR_SUCCESS ) {
data/service-wrapper-java-3.5.30/src/c/logger.c:2729:140: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( RegSetValueEx( hKey, TEXT("CategoryMessageFile"), (DWORD) 0, (DWORD) REG_SZ, (LPBYTE) buffer, (DWORD)(sizeof(TCHAR) * (_tcslen(buffer) + 1))) != ERROR_SUCCESS ) {
data/service-wrapper-java-3.5.30/src/c/logger.c:3077:110: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tprintf(TEXT("writeToConsole BufferSize=%d, MessageLen=%d, Message=[%s]\n"), vWriteToConsoleBufferSize, _tcslen(vWriteToConsoleBuffer), vWriteToConsoleBuffer);
data/service-wrapper-java-3.5.30/src/c/logger.c:3087:15: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullLen = _tcslen(vWriteToConsoleBuffer);
data/service-wrapper-java-3.5.30/src/c/logger.c:3287:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(currentLogFileName, workLogFileName, _tcslen(logFilePath) + 11);
data/service-wrapper-java-3.5.30/src/c/logger.c:3287:55: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(currentLogFileName, workLogFileName, _tcslen(logFilePath) + 11);
data/service-wrapper-java-3.5.30/src/c/logger.c:3472:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(distroDescription, centosPattern, 100);
data/service-wrapper-java-3.5.30/src/c/logger.c:3475:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(distroDescription, rhelPattern, 100);
data/service-wrapper-java-3.5.30/src/c/logger.c:3478:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(distroDescription, fedoraPattern, 100);
data/service-wrapper-java-3.5.30/src/c/logger.c:3480:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(distroDescription, amiPattern, 100);
data/service-wrapper-java-3.5.30/src/c/logger.c:3482:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(distroDescription, linuxPattern, 100);
data/service-wrapper-java-3.5.30/src/c/logger.c:3670:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(formatMessages[threadId], lpszFmt, QUEUED_BUFFER_SIZE);
data/service-wrapper-java-3.5.30/src/c/logger.c:3681:15: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wcslen(format);
data/service-wrapper-java-3.5.30/src/c/logger.c:3856:59: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
logFileCopy = malloc(sizeof(TCHAR) * (_tcslen(currentLogFileName) + 1));
data/service-wrapper-java-3.5.30/src/c/logger.c:3860:25: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(logFileCopy, currentLogFileName, _tcslen(currentLogFileName) + 1);
data/service-wrapper-java-3.5.30/src/c/logger.c:3860:67: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(logFileCopy, currentLogFileName, _tcslen(currentLogFileName) + 1);
data/service-wrapper-java-3.5.30/src/c/logger_file.c:305:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(dirPart, pattern, dirLen);
data/service-wrapper-java-3.5.30/src/c/logger_file.c:321:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fileLen = _tcslen(fblock.name);
data/service-wrapper-java-3.5.30/src/c/logger_file.c:322:34: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
files[cnt] = malloc((_tcslen(dirPart) + _tcslen(fblock.name) + 1) * sizeof(TCHAR));
data/service-wrapper-java-3.5.30/src/c/logger_file.c:322:53: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
files[cnt] = malloc((_tcslen(dirPart) + _tcslen(fblock.name) + 1) * sizeof(TCHAR));
data/service-wrapper-java-3.5.30/src/c/logger_file.c:330:36: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(files[cnt], _tcslen(dirPart) + _tcslen(fblock.name) + 1, TEXT("%s%s"), dirPart, fblock.name);
data/service-wrapper-java-3.5.30/src/c/logger_file.c:330:55: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(files[cnt], _tcslen(dirPart) + _tcslen(fblock.name) + 1, TEXT("%s%s"), dirPart, fblock.name);
data/service-wrapper-java-3.5.30/src/c/logger_file.c:378:27: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fileLen = _tcslen(fblock.name);
data/service-wrapper-java-3.5.30/src/c/logger_file.c:379:38: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
files[cnt] = malloc((_tcslen(dirPart) + _tcslen(fblock.name) + 1) * sizeof(TCHAR));
data/service-wrapper-java-3.5.30/src/c/logger_file.c:379:57: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
files[cnt] = malloc((_tcslen(dirPart) + _tcslen(fblock.name) + 1) * sizeof(TCHAR));
data/service-wrapper-java-3.5.30/src/c/logger_file.c:387:40: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(files[cnt], _tcslen(dirPart) + _tcslen(fblock.name) + 1, TEXT("%s%s"), dirPart, fblock.name);
data/service-wrapper-java-3.5.30/src/c/logger_file.c:387:59: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(files[cnt], _tcslen(dirPart) + _tcslen(fblock.name) + 1, TEXT("%s%s"), dirPart, fblock.name);
data/service-wrapper-java-3.5.30/src/c/logger_file.c:469:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
files[cnt] = malloc((strlen(g.gl_pathv[findex]) + 1));
data/service-wrapper-java-3.5.30/src/c/logger_file.c:477:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(files[cnt], g.gl_pathv[findex], strlen(g.gl_pathv[findex]) + 1);
data/service-wrapper-java-3.5.30/src/c/logger_file.c:477:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(files[cnt], g.gl_pathv[findex], strlen(g.gl_pathv[findex]) + 1);
data/service-wrapper-java-3.5.30/src/c/property.c:86:44: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oldValue = malloc(sizeof(TCHAR) * (_tcslen(property->value) + 1));
data/service-wrapper-java-3.5.30/src/c/property.c:90:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(oldValue, property->value, _tcslen(property->value) + 1);
data/service-wrapper-java-3.5.30/src/c/property.c:90:49: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(oldValue, property->value, _tcslen(property->value) + 1);
data/service-wrapper-java-3.5.30/src/c/property.c:306:17: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(envName, start + 1, len);
data/service-wrapper-java-3.5.30/src/c/property.c:333:25: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(out, in, outLen);
data/service-wrapper-java-3.5.30/src/c/property.c:339:30: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outLen = _tcslen(envValue);
data/service-wrapper-java-3.5.30/src/c/property.c:344:25: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(out, envValue, outLen);
data/service-wrapper-java-3.5.30/src/c/property.c:367:25: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(out, in, outLen);
data/service-wrapper-java-3.5.30/src/c/property.c:388:32: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outLen = len = _tcslen(in);
data/service-wrapper-java-3.5.30/src/c/property.c:393:21: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(out, in, outLen);
data/service-wrapper-java-3.5.30/src/c/property.c:404:28: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outLen = len = _tcslen(in);
data/service-wrapper-java-3.5.30/src/c/property.c:409:14: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(out, in, outLen);
data/service-wrapper-java-3.5.30/src/c/property.c:448:55: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
property->value = malloc(sizeof(TCHAR) * (_tcslen(buffer) + 1));
data/service-wrapper-java-3.5.30/src/c/property.c:454:49: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0, count = 0; i < (int)_tcslen(buffer); i++) {
data/service-wrapper-java-3.5.30/src/c/property.c:721:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(name) + 1 + 1;
data/service-wrapper-java-3.5.30/src/c/property.c:737:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(name) + 1 + 1;
data/service-wrapper-java-3.5.30/src/c/property.c:768:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(name) + 1 + _tcslen(value) + 1;
data/service-wrapper-java-3.5.30/src/c/property.c:768:39: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(name) + 1 + _tcslen(value) + 1;
data/service-wrapper-java-3.5.30/src/c/property.c:789:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(name) + 1 + _tcslen(value) + 1;
data/service-wrapper-java-3.5.30/src/c/property.c:789:39: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(name) + 1 + _tcslen(value) + 1;
data/service-wrapper-java-3.5.30/src/c/property.c:855:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(name) + 1;
data/service-wrapper-java-3.5.30/src/c/property.c:946:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLen = _tcslen(propertyName);
data/service-wrapper-java-3.5.30/src/c/property.c:977:39: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tailLen = _tcslen(pattern) - headLen - 1;
data/service-wrapper-java-3.5.30/src/c/property.c:1133:48: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
propertyNameTrim = malloc(sizeof(TCHAR) * (_tcslen(propertyName) + 1));
data/service-wrapper-java-3.5.30/src/c/property.c:1139:50: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
propertyValueTrim = malloc(sizeof(TCHAR) * ( _tcslen(propertyValue) + 1));
data/service-wrapper-java-3.5.30/src/c/property.c:1165:50: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
property->name = malloc(sizeof(TCHAR) * (_tcslen(propertyNameTrim) + 1));
data/service-wrapper-java-3.5.30/src/c/property.c:1173:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(property->name, propertyNameTrim, _tcslen(propertyNameTrim) + 1);
data/service-wrapper-java-3.5.30/src/c/property.c:1173:52: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(property->name, propertyNameTrim, _tcslen(propertyNameTrim) + 1);
data/service-wrapper-java-3.5.30/src/c/property.c:1263:14: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((_tcslen(property->name) > 12) && (_tcsstr(property->name, TEXT("set.default.")) == property->name)) {
data/service-wrapper-java-3.5.30/src/c/property.c:1285:21: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if ((_tcslen(property->name) > 4) && (_tcsstr(property->name, TEXT("set.")) == property->name)) {
data/service-wrapper-java-3.5.30/src/c/property.c:1320:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcslen(propertyNameValue) + 1 >= MAX_PROPERTY_NAME_VALUE_LENGTH) {
data/service-wrapper-java-3.5.30/src/c/property.c:1325:5: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(buffer, propertyNameValue, MAX_PROPERTY_NAME_VALUE_LENGTH);
data/service-wrapper-java-3.5.30/src/c/property.c:1482:15: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
headLen = _tcslen(propertyNameHead);
data/service-wrapper-java-3.5.30/src/c/property.c:1483:15: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tailLen = _tcslen(propertyNameTail);
data/service-wrapper-java-3.5.30/src/c/property.c:1489:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
thisLen = _tcslen(property->name);
data/service-wrapper-java-3.5.30/src/c/property.c:1499:21: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(thisHead, property->name, headLen);
data/service-wrapper-java-3.5.30/src/c/property.c:1509:29: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(thisTail, property->name + thisLen - tailLen, tailLen + 1);
data/service-wrapper-java-3.5.30/src/c/property.c:1519:37: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(indexS, property->name + headLen, indexLen);
data/service-wrapper-java-3.5.30/src/c/property.c:1824:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(value);
data/service-wrapper-java-3.5.30/src/c/property.c:1865:67: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcsstr(propName, TEXT(".password")) == (propName + ((int)_tcslen(propName) - 9))) {
data/service-wrapper-java-3.5.30/src/c/property.c:1951:17: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += _tcslen(property->name);
data/service-wrapper-java-3.5.30/src/c/property.c:1953:17: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += _tcslen(property->value);
data/service-wrapper-java-3.5.30/src/c/property.c:1986:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(buffer, work, c - work + 1);
data/service-wrapper-java-3.5.30/src/c/property.c:1992:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(buffer, work, size - _tcslen(fullBuffer));
data/service-wrapper-java-3.5.30/src/c/property.c:1992:39: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(buffer, work, size - _tcslen(fullBuffer));
data/service-wrapper-java-3.5.30/src/c/property.c:1993:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer += _tcslen(work);
data/service-wrapper-java-3.5.30/src/c/property.c:2002:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(buffer, work, c - work + 1);
data/service-wrapper-java-3.5.30/src/c/property.c:2008:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(buffer, work, size - _tcslen(fullBuffer));
data/service-wrapper-java-3.5.30/src/c/property.c:2008:39: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(buffer, work, size - _tcslen(fullBuffer));
data/service-wrapper-java-3.5.30/src/c/property.c:2009:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer += _tcslen(work);
data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:61:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
num = _tcslen(tsHASH_randomChars);
data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:97:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
num = _tcslen(tsHASH_randomChars);
data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:101:20: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strLen = len + _tcslen(tailStr) + 1;
data/service-wrapper-java-3.5.30/src/c/test_hashmap.c:111:5: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(str, tailStr, strLen);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:187:5: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy( temp, date, 4 );
data/service-wrapper-java-3.5.30/src/c/wrapper.c:192:5: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy( temp, date + 4, 2 );
data/service-wrapper-java-3.5.30/src/c/wrapper.c:197:5: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy( temp, date + 6, 2 );
data/service-wrapper-java-3.5.30/src/c/wrapper.c:202:5: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy( temp, time, 2 );
data/service-wrapper-java-3.5.30/src/c/wrapper.c:207:5: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy( temp, time + 2, 2 );
data/service-wrapper-java-3.5.30/src/c/wrapper.c:242:34: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_LANG=")) + 3 + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:243:34: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_PID=")) + 10 + 1); /* 32-bit PID would be max of 10 characters */
data/service-wrapper-java-3.5.30/src/c/wrapper.c:244:34: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_BITS=")) + _tcslen(wrapperBits) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:244:71: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_BITS=")) + _tcslen(wrapperBits) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:245:34: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_ARCH=")) + _tcslen(wrapperArch) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:245:71: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_ARCH=")) + _tcslen(wrapperArch) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:246:34: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_OS=")) + _tcslen(wrapperOS) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:246:69: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_OS=")) + _tcslen(wrapperOS) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:247:34: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_HOSTNAME=")) + _tcslen(wrapperData->hostName) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:247:75: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_HOSTNAME=")) + _tcslen(wrapperData->hostName) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:248:34: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_HOST_NAME=")) + _tcslen(wrapperData->hostName) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:248:76: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferLen = __max(bufferLen, _tcslen(TEXT("set.WRAPPER_HOST_NAME=")) + _tcslen(wrapperData->hostName) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:270:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(confDirTemp, TEXT("."), 2);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:284:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(confDirTemp, wrapperData->argConfFile, pos);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:335:32: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((langTemp == NULL) || (_tcslen(langTemp) == 0)) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:405:12: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
TCHAR *equal;
data/service-wrapper-java-3.5.30/src/c/wrapper.c:447:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(sourcePair);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:461:17: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:463:27: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
value = &(equal[1]);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:464:17: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
equal[0] = TEXT('\0');
data/service-wrapper-java-3.5.30/src/c/wrapper.c:466:21: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcslen(name) <= 0) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:469:21: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcslen(value) <= 0) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:507:40: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*ptr = malloc(sizeof(TCHAR) * (_tcslen(value) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:512:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(*ptr, value, _tcslen(value) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:512:35: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(*ptr, value, _tcslen(value) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:985:22: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (prop && (_tcslen(prop) > 0)) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1040:28: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
defaultUMask = umask((mode_t)0);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1041:13: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(defaultUMask);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1045:102: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
wrapperData->javaUmask = getIntProperty(properties, TEXT("wrapper.java.umask"), wrapperData->umask);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1046:108: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
wrapperData->pidFileUmask = getIntProperty(properties, TEXT("wrapper.pidfile.umask"), wrapperData->umask);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1047:110: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
wrapperData->lockFileUmask = getIntProperty(properties, TEXT("wrapper.lockfile.umask"), wrapperData->umask);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1048:117: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
wrapperData->javaPidFileUmask = getIntProperty(properties, TEXT("wrapper.java.pidfile.umask"), wrapperData->umask);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1049:115: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
wrapperData->javaIdFileUmask = getIntProperty(properties, TEXT("wrapper.java.idfile.umask"), wrapperData->umask);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1050:114: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
wrapperData->statusFileUmask = getIntProperty(properties, TEXT("wrapper.statusfile.umask"), wrapperData->umask);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1051:123: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
wrapperData->javaStatusFileUmask = getIntProperty(properties, TEXT("wrapper.java.statusfile.umask"), wrapperData->umask);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1052:114: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
wrapperData->anchorFileUmask = getIntProperty(properties, TEXT("wrapper.anchorfile.umask"), wrapperData->umask);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:1053:96: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
setLogfileUmask(getIntProperty(properties, TEXT("wrapper.logfile.umask"), wrapperData->umask));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2178:17: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(messageMB, messageW, len);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2189:15: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(messageTemplate) + 16 + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2197:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(logMsgW, len, messageTemplate, (messageMB ? strlen(messageMB) : 0));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2206:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 1 + strlen(messageMB) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2223:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&(protocolSendBuffer[1]), messageMB, len - 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2585:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(protocolActiveServerPipeIn, (void*) &c, 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:2605:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(protocolActiveServerPipeIn, (void*) &c, 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3222:21: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = &fileName[_tcslen(fileName)];
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3241:5: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(baseName, start, end - start);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3256:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(banner) + _tcslen(product) + _tcslen(wrapperBits) + _tcslen(wrapperVersionRoot) + _tcslen(copyright) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3256:29: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(banner) + _tcslen(product) + _tcslen(wrapperBits) + _tcslen(wrapperVersionRoot) + _tcslen(copyright) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3256:48: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(banner) + _tcslen(product) + _tcslen(wrapperBits) + _tcslen(wrapperVersionRoot) + _tcslen(copyright) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3256:71: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(banner) + _tcslen(product) + _tcslen(wrapperBits) + _tcslen(wrapperVersionRoot) + _tcslen(copyright) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3256:101: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(banner) + _tcslen(product) + _tcslen(wrapperBits) + _tcslen(wrapperVersionRoot) + _tcslen(copyright) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3286:44: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
confFileBase = malloc(sizeof(TCHAR) * (_tcslen(appName) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3416:63: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argConfFileBase = malloc(sizeof(TCHAR) * (_tcslen(argv[0]) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3424:56: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrapperData->argConfFile = malloc((_tcslen(argConfFileBase) + 5 + 1) * sizeof(TCHAR));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3430:58: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(wrapperData->argConfFile, _tcslen(argConfFileBase) + 5 + 1, TEXT("%s.conf"), argConfFileBase);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3452:55: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argConfFileBase = malloc(sizeof(TCHAR) * (_tcslen(argv[0]) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3460:48: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrapperData->argConfFile = malloc((_tcslen(argConfFileBase) + 5 + 1) * sizeof(TCHAR));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3466:50: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(wrapperData->argConfFile, _tcslen(argConfFileBase) + 5 + 1, TEXT("%s.conf"), argConfFileBase);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3706:18: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
commandLen = _tcslen(command);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3729:22: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fillerLen -= _tcslen(&tempCommand[index]);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3730:18: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
index += _tcslen(&tempCommand[index]);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3742:61: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&(tempCommand[index]), pos2 + 1, sizeof(TCHAR) * _tcslen(pos2 + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3793:15: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
textLen = _tcslen(text);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3798:18: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
patternLen = _tcslen(pattern);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3829:18: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
patternLen = _tcslen(pattern);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3853:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(in);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3870:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(out, in + first, len);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3884:13: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcslen(wrapperData->outputFilters[i]) > 0) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:3904:42: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!filterMessage) || (_tcslen(filterMessage) <= 0)) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4527:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(*pszOS, TEXT("Microsoft "), OSBUFSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:4729:13: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcslen(osvi.szCSDVersion) > 0) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5302:41: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wrapperStripQuotesInner(prop, _tcslen(prop), propStripped);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5312:18: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = _tcslen(value);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5377:18: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = _tcslen(value);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5520:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(pth, resolvedPath, PATH_MAX + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5522:31: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = malloc((_tcslen(pth) + 1) * sizeof(TCHAR));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5527:17: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(ret, pth, _tcslen(pth) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5527:36: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(ret, pth, _tcslen(pth) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5545:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(pth, resolvedPath, PATH_MAX + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5547:27: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = malloc((_tcslen(pth) + 1) * sizeof(TCHAR));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5552:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(ret, pth, _tcslen(pth) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5552:32: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(ret, pth, _tcslen(pth) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5570:28: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (searchPath && (_tcslen(searchPath) <= 0)) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5588:21: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(pth, beg, PATH_MAX + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5591:21: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(pth, beg, end - beg);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5594:25: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pth[_tcslen(pth) - 1] != TEXT('/')) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5595:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(pth, TEXT("/"), PATH_MAX + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5597:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(pth, exe, PATH_MAX + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5607:21: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(pth, resolvedPath, PATH_MAX + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5621:31: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = malloc((_tcslen(pth) + 1) * sizeof(TCHAR));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5626:17: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(ret, pth, _tcslen(pth) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5626:36: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(ret, pth, _tcslen(pth) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5659:20: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)_tcslen(*para) - 2;
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5662:20: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)_tcslen(*para);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5668:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(path, (*para) + start, len);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5679:29: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*para = malloc((_tcslen(path) + 1) * sizeof(TCHAR));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5685:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(*para, path, _tcslen(path) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5685:35: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(*para, path, _tcslen(path) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5727:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(cpPath, TEXT("\\bin\\java.exe"), 512);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5770:54: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (_tcslen(cpPath) + 2 + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5776:44: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], _tcslen(cpPath) + 2 + 1, TEXT("\"%s\""), cpPath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5778:44: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], _tcslen(cpPath) + 2 + 1, TEXT("%s"), cpPath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5781:54: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (_tcslen(prop) + 2 + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5787:44: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("\"%s\""), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5789:44: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("%s"), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5799:50: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (_tcslen(prop) + 2 + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5805:40: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("\"%s\""), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5807:40: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], _tcslen(prop) + 2 + 1, TEXT("%s"), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5813:61: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c && ((unsigned int)(c - strings[index]) == _tcslen(strings[index]) - 3 - 1)) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5818:65: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c && ((unsigned int)(c - strings[index]) == _tcslen(strings[index]) - 7 - 1)) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5859:17: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcslen(prop) > 0) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5887:68: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
propStripped = malloc(sizeof(TCHAR) * (_tcslen(prop) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5911:70: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (_tcslen(propStripped) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5920:56: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], _tcslen(propStripped) + 1, TEXT("%s"), propStripped);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5988:15: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(argTerm);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:5997:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(argStripped, argTerm, len + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6013:15: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(argExpanded);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6018:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(param->strings[param->index], argExpanded, len + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6048:22: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(config && _tcslen(config) > 0);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6049:45: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(config[0] != TEXT(' ') && config[_tcslen(config) - 1] != TEXT(' '));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6051:27: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tail_bound = config + _tcslen(config) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6116:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcslen(parameterFilePath) == 0) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6196:63: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6196:83: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6205:26: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((_tcslen(systemPath) > 1) && (systemPath[_tcslen(systemPath) - 1] == TEXT('\\'))) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6205:66: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((_tcslen(systemPath) > 1) && (systemPath[_tcslen(systemPath) - 1] == TEXT('\\'))) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6206:57: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=\"%s%c%s\\\""), prop, wrapperClasspathSeparator, systemPath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6206:77: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=\"%s%c%s\\\""), prop, wrapperClasspathSeparator, systemPath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6208:57: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=\"%s%c%s\""), prop, wrapperClasspathSeparator, systemPath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6208:77: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=\"%s%c%s\""), prop, wrapperClasspathSeparator, systemPath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6211:53: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=%s%c%s"), prop, wrapperClasspathSeparator, systemPath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6211:73: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 22 + _tcslen(prop) + 1 + _tcslen(systemPath) + 1 + 1, TEXT("-Djava.library.path=%s%c%s"), prop, wrapperClasspathSeparator, systemPath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6214:63: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (22 + _tcslen(prop) + 1 + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6220:26: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((_tcslen(prop) > 1) && (prop[_tcslen(prop) - 1] == TEXT('\\'))) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6220:54: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((_tcslen(prop) > 1) && (prop[_tcslen(prop) - 1] == TEXT('\\'))) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6221:57: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 22 + _tcslen(prop) + 1 + 1, TEXT("-Djava.library.path=\"%s\\\""), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6223:57: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 22 + _tcslen(prop) + 1 + 1, TEXT("-Djava.library.path=\"%s\""), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6226:53: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 22 + _tcslen(prop) + 1 + 1, TEXT("-Djava.library.path=%s"), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6274:28: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = _tcslen(prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6310:24: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = _tcslen(systemPath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6423:52: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
propStripped = malloc(sizeof(TCHAR) * (_tcslen(prop) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6436:16: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = _tcslen(propStripped);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6454:28: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = _tcslen(files[cnt]);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6492:35: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((propStripped[_tcslen(propStripped) - 1] == TEXT('/')) || (propStripped[_tcslen(propStripped) - 1] == TEXT('\\'))) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6492:93: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((propStripped[_tcslen(propStripped) - 1] == TEXT('/')) || (propStripped[_tcslen(propStripped) - 1] == TEXT('\\'))) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6493:58: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
propBaseDir = malloc(sizeof(TCHAR) * _tcslen(propStripped));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6502:21: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(propBaseDir, propStripped, _tcslen(propStripped) - 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6502:57: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(propBaseDir, propStripped, _tcslen(propStripped) - 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6503:33: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
propBaseDir[_tcslen(propStripped) - 1] = TEXT('\0');
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6598:15: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(classpath);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6664:13: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcslen(prop) > 0) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6677:64: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
propStripped = malloc(sizeof(TCHAR) * (_tcslen(prop) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6701:66: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (_tcslen(propStripped) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6710:52: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], _tcslen(propStripped) + 1, TEXT("%s"), propStripped);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6742:62: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (_tcslen(wrapperData->javaArgValues[i]) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6747:48: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], _tcslen(wrapperData->javaArgValues[i]) + 1, TEXT("%s"), wrapperData->javaArgValues[i]);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6875:55: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (16 + _tcslen(wrapperData->key) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6881:45: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 16 + _tcslen(wrapperData->key) + 1, TEXT("-Dwrapper.key=\"%s\""), wrapperData->key);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6883:45: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 16 + _tcslen(wrapperData->key) + 1, TEXT("-Dwrapper.key=%s"), wrapperData->key);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6941:58: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (_tcslen(TEXT("-Dwrapper.port.address=")) + _tcslen(wrapperData->portAddress) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6941:101: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (_tcslen(TEXT("-Dwrapper.port.address=")) + _tcslen(wrapperData->portAddress) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6946:44: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], _tcslen(TEXT("-Dwrapper.port.address=")) + _tcslen(wrapperData->portAddress) + 1, TEXT("-Dwrapper.port.address=%s"), wrapperData->portAddress);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:6946:87: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], _tcslen(TEXT("-Dwrapper.port.address=")) + _tcslen(wrapperData->portAddress) + 1, TEXT("-Dwrapper.port.address=%s"), wrapperData->portAddress);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7108:55: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (20 + _tcslen(wrapperVersion) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7114:45: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 20 + _tcslen(wrapperVersion) + 1, TEXT("-Dwrapper.version=\"%s\""), wrapperVersion);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7116:45: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 20 + _tcslen(wrapperVersion) + 1, TEXT("-Dwrapper.version=%s"), wrapperVersion);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7123:55: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (27 + _tcslen(wrapperData->nativeLibrary) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7129:45: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 27 + _tcslen(wrapperData->nativeLibrary) + 1, TEXT("-Dwrapper.native_library=\"%s\""), wrapperData->nativeLibrary);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7131:45: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 27 + _tcslen(wrapperData->nativeLibrary) + 1, TEXT("-Dwrapper.native_library=%s"), wrapperData->nativeLibrary);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7138:55: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (17 + _tcslen(wrapperArch) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7144:45: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 17 + _tcslen(wrapperArch) + 1, TEXT("-Dwrapper.arch=\"%s\""), wrapperArch);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7146:45: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 17 + _tcslen(wrapperArch) + 1, TEXT("-Dwrapper.arch=%s"), wrapperArch);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7237:59: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (25 + _tcslen(prop) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7243:49: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.outfile=\"%s\""), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7245:49: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.outfile=%s"), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7253:59: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (25 + _tcslen(prop) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7259:50: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.errfile=\"%s\""), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7261:49: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], 25 + _tcslen(prop) + 1, TEXT("-Dwrapper.java.errfile=%s"), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7304:50: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strings[index] = malloc(sizeof(TCHAR) * (_tcslen(prop) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7309:36: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(strings[index], _tcslen(prop) + 1, TEXT("%s"), prop);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7573:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
num = _tcslen(keyChars);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7636:22: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valLen = _tcslen(propertyValues[i]);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7661:22: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valLen = _tcslen(propertyValues[i]);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7663:17: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(work, propertyValues[i], workLen);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7703:47: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wrapperData->ntServiceAccount && (_tcslen(wrapperData->ntServiceAccount) <= 0)) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7716:50: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( wrapperData->ntServicePassword && ( _tcslen( wrapperData->ntServicePassword ) <= 0 ) ) {
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7877:15: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(hostName);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7883:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(hostName2, hostName, len + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7886:57: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrapperData->hostName = malloc(sizeof(TCHAR) * (_tcslen(hostName2) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7892:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(wrapperData->hostName, hostName2, _tcslen(hostName2) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7892:52: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(wrapperData->hostName, hostName2, _tcslen(hostName2) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7913:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(actionName);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7981:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(actionNameList);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:7987:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(workBuffer, actionNameList, len + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:8019:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(workBuffer, actionNameList, len + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:8154:69: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrapperData->outputFilters[i] = malloc(sizeof(TCHAR) * (_tcslen(prop) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:8159:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(wrapperData->outputFilters[i], prop, _tcslen(prop) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:8159:59: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(wrapperData->outputFilters[i], prop, _tcslen(prop) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:8197:65: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrapperData->outputFilters[i] = malloc(sizeof(TCHAR) * (_tcslen(TRIGGER_ADVICE_NIL_SERVER) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper.c:8202:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(wrapperData->outputFilters[i], TRIGGER_ADVICE_NIL_SERVER, _tcslen(TRIGGER_ADVICE_NIL_SERVER) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.c:8202:76: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(wrapperData->outputFilters[i], TRIGGER_ADVICE_NIL_SERVER, _tcslen(TRIGGER_ADVICE_NIL_SERVER) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper.h:388:13: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
int umask; /* Default umask for all files. */
data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:75:28: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((path != NULL) && (_tcslen(path) >= 3) && (path[1] == TEXT(':')) && ((path[2] == TEXT('\\')) || (path[2] == TEXT('/')))) {
data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:76:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(drive, path, 2);
data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:215:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(encoding) == 0) {
data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:228:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(encoding) == 0) {
data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:270:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(interumEncoding) == 0) {
data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:329:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(trimmedBuffer);
data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:357:32: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
trimmedBufferLen = _tcslen(trimmedBuffer);
data/service-wrapper-java-3.5.30/src/c/wrapper_file.c:366:17: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcslen(trimmedBuffer) > 0) {
data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:165:18: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = _tcslen(key);
data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:299:39: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t keySize = sizeof(TCHAR) * (_tcslen(key) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:300:41: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t valueSize = sizeof(TCHAR) * (_tcslen(value) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:322:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t keySize = sizeof(char) * (strlen(key) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:323:41: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t valueSize = sizeof(TCHAR) * (_tcslen(value) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:385:39: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t keySize = sizeof(TCHAR) * (_tcslen(key) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_hashmap.c:399:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t keySize = sizeof(char) * (strlen(key) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:86:32: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errorTemplateLen = _tcslen(errorTemplate) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:96:32: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errorTemplateLen = _tcslen(errorTemplate) + 10 + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:172:36: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errorTemplateLen = _tcslen(errorTemplate) + strlen(multiByteEncoding) + strlen(interumEncoding) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:172:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errorTemplateLen = _tcslen(errorTemplate) + strlen(multiByteEncoding) + strlen(interumEncoding) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:172:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errorTemplateLen = _tcslen(errorTemplate) + strlen(multiByteEncoding) + strlen(interumEncoding) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:182:36: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errorTemplateLen = _tcslen(errorTemplate) + 10 + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:192:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
multiByteCharsLen = strlen(multiByteChars);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:240:40: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errorTemplateLen = _tcslen(errorTemplate) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:252:40: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errorTemplateLen = _tcslen(errorTemplate) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:270:40: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errorTemplateLen = _tcslen(errorTemplate) + 10 + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:286:32: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errorTemplateLen = _tcslen(errorTemplate) + 10 + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:309:32: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errorTemplateLen = _tcslen(errorTemplate) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:312:32: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errorTemplateLen = _tcslen(errorTemplate) + 10 + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:474:41: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg = malloc(sizeof(wchar_t) * (wcslen(fmt) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:476:13: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(msg, fmt, wcslen(fmt) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:476:31: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcsncpy(msg, fmt, wcslen(fmt) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:477:29: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < wcslen(fmt); i++){
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:478:49: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fmt[i] == TEXT('%') && i < wcslen(fmt) && fmt[i + 1] == TEXT('s') && (i == 0 || fmt[i - 1] != TEXT('%'))) {
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:483:17: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg[wcslen(fmt)] = TEXT('\0');
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:507:41: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg = malloc(sizeof(wchar_t) * (wcslen(fmt) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:509:13: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(msg, fmt, wcslen(fmt) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:509:31: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcsncpy(msg, fmt, wcslen(fmt) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:510:29: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < wcslen(fmt); i++){
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:511:49: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fmt[i] == TEXT('%') && i < wcslen(fmt) && fmt[i + 1] == TEXT('s') && (i == 0 || fmt[i - 1] != TEXT('%'))) {
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:516:17: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg[wcslen(fmt)] = TEXT('\0');
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:540:41: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg = malloc(sizeof(wchar_t) * (wcslen(fmt) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:542:13: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(msg, fmt, wcslen(fmt) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:542:31: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcsncpy(msg, fmt, wcslen(fmt) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:543:29: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < wcslen(fmt); i++){
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:544:49: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fmt[i] == TEXT('%') && i < wcslen(fmt) && fmt[i + 1] == TEXT('s') && (i == 0 || fmt[i - 1] != TEXT('%'))) {
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:549:17: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg[wcslen(fmt)] = TEXT('\0');
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1354:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*encoding) == 0) {
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1464:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(iconvLibNameMB, "/usr/local/lib/libiconv.so", 128);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1469:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(iconvLibNameMB, "/usr/local/lib/libbiconv.so", 128);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1479:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(iconvLibNameMB, "/usr/lib32/libkiconv.so.4", 128);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.c:1484:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(iconvLibNameMB, "/lib/libkiconv.so.4", 128);
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:185:9: [1] (buffer) _gettc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define _gettc getwc
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:233:23: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcsclen wcslen
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:234:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcslen wcslen
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:234:23: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcslen wcslen
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:235:9: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
#define _tcsncat wcsncat
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:235:23: [1] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
#define _tcsncat wcsncat
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:236:23: [1] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
#define _tcsnccat wcsncat
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:239:23: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define _tcsnccpy wcsncpy
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:240:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define _tcsncpy wcsncpy
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:240:23: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define _tcsncpy wcsncpy
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:376:23: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define _fgettc fgetc
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:384:9: [1] (buffer) _gettc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define _gettc getc
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:384:23: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define _gettc getc
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:385:23: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define _gettchar getchar
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:423:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcsclen strlen
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:424:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcslen strlen
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:424:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcslen strlen
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:425:9: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
#define _tcsncat strncat
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:425:23: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
#define _tcsncat strncat
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:426:23: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
#define _tcsnccat strncat
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:429:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define _tcsnccpy strncpy
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:430:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define _tcsncpy strncpy
data/service-wrapper-java-3.5.30/src/c/wrapper_i18n.h:430:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define _tcsncpy strncpy
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:187:17: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_umask = umask(newUmask);
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:189:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(old_umask);
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1009:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(ms * 1000); /* microseconds */
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1120:65: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrapperData->jvmVersionCommand[0] = malloc(sizeof(TCHAR) * (_tcslen(strings[0]) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1125:5: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(wrapperData->jvmVersionCommand[0], strings[0], _tcslen(strings[0]) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1125:61: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(wrapperData->jvmVersionCommand[0], strings[0], _tcslen(strings[0]) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1132:5: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(wrapperData->jvmVersionCommand[1], TEXT("-version"), 8 + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1146:66: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrapperData->jvmCommand[i] = malloc(sizeof(TCHAR) * (_tcslen(strings[i]) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1151:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(wrapperData->jvmCommand[i], strings[i], _tcslen(strings[i]) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1151:62: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(wrapperData->jvmCommand[i], strings[i], _tcslen(strings[i]) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1352:13: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(wrapperData->javaUmask);
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1403:31: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenCmd += _tcslen(wrapperData->jvmCommand[i]) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:1710:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*readCount = read(pipedes[PIPE_READ_END], blockBuffer, blockSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:2009:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(wrapperData->umask);
data/service-wrapper-java-3.5.30/src/c/wrapper_unix.c:2009:24: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(wrapperData->umask);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:284:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(lc);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:290:5: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(systemPath[i], lc, len + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:319:50: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutexName = malloc(sizeof(TCHAR) * (30 + _tcslen(wrapperData->serviceName) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:325:36: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(mutexName, 30 + _tcslen(wrapperData->serviceName) + 1, TEXT("Global\\Java Service Wrapper - %s"), wrapperData->serviceName);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:630:18: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
commandLen = _tcslen(strings[0]);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:632:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
commandLen += _tcslen(TEXT("-version"));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:649:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
commandLen += _tcslen(strings[i]);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:665:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
commandLen += _tcslen(strings[i]);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:723:22: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nSubKeyLen = _tcslen(consoleSubKeyBase) + _tcslen(startupTitle) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:723:51: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nSubKeyLen = _tcslen(consoleSubKeyBase) + _tcslen(startupTitle) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:731:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(consoleSubKey, consoleSubKeyBase, nSubKeyLen);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:732:9: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(consoleSubKey, startupTitle, nSubKeyLen - _tcslen(consoleSubKey));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:732:60: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncat(consoleSubKey, startupTitle, nSubKeyLen - _tcslen(consoleSubKey));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:735:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = (int)_tcslen(consoleSubKeyBase); i < (int)nSubKeyLen; i++) {
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:1956:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(wrapperData->jvmCommand);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3483:10: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((_tcslen(moduleFileName) >= 3) && (moduleFileName[1] == TEXT(':')) && (moduleFileName[2] == TEXT('\\'))) {
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3484:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(drive, moduleFileName, 3);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3516:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, unc->lpUniversalName, originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3518:30: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*reqBufferLen += _tcslen(unc->lpUniversalName);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3521:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\""), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3522:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, unc->lpUniversalName, originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3523:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\""), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3525:39: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*reqBufferLen += (1 + _tcslen(unc->lpUniversalName) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3535:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, moduleFileName, originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3537:30: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*reqBufferLen += _tcslen(moduleFileName);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3540:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\""), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3541:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, moduleFileName, originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3542:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\""), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3544:35: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*reqBufferLen += (1 + _tcslen(moduleFileName) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3551:9: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT(" -s "), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3558:10: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((_tcslen(wrapperData->configFile) >= 3) && (wrapperData->configFile[1] == TEXT(':')) && (wrapperData->configFile[2] == TEXT('\\'))) {
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3559:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(drive, wrapperData->configFile, 3);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3592:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, unc->lpUniversalName, originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3594:34: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*reqBufferLen += _tcslen(unc->lpUniversalName);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3597:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\""), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3598:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, unc->lpUniversalName, originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3599:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\""), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3601:39: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*reqBufferLen += (1 + _tcslen(unc->lpUniversalName) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3611:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, wrapperData->configFile, originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3613:30: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*reqBufferLen += _tcslen(wrapperData->configFile);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3616:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\""), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3617:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, wrapperData->configFile, originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3618:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\""), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3620:35: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*reqBufferLen += (1 + _tcslen(wrapperData->configFile) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3640:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT(" "), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3647:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, wrapperData->argValues[i], originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3649:34: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*reqBufferLen += _tcslen(wrapperData->argValues[i]);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3652:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\""), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3653:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, wrapperData->argValues[i], originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3654:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\""), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3656:38: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*reqBufferLen += 1 + _tcslen(wrapperData->argValues[i]) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3664:13: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT(" --"), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3670:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT(" "), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3677:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, wrapperData->javaArgValues[i], originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3679:34: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*reqBufferLen += _tcslen(wrapperData->javaArgValues[i]);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3682:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\""), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3683:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, wrapperData->javaArgValues[i], originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3684:21: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\""), originalSize);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3686:39: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*reqBufferLen += (1 + _tcslen(wrapperData->javaArgValues[i]) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3707:20: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
StringLength = wcslen(String);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3761:110: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ppdiDomainInfo->Name.MaximumLength,ppdiDomainInfo->Name.Length ,ppdiDomainInfo->Name.Buffer, wcslen(ppdiDomainInfo->Name.Buffer));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3763:35: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ResName = malloc((wcslen(ppdiDomainInfo->Name.Buffer) + 1 ) * sizeof(wchar_t));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3765:21: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(ResName, ppdiDomainInfo->Name.Buffer, wcslen(ppdiDomainInfo->Name.Buffer) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3765:68: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(ResName, ppdiDomainInfo->Name.Buffer, wcslen(ppdiDomainInfo->Name.Buffer) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:3775:38: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcslen(pwkiWorkstationInfo->wki100_computername))) {
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4068:27: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (domain[_tcslen(domain) - 1] == TEXT('\n')) {
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4069:20: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
domain[_tcslen(domain) - 1] = TEXT('\0');
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4080:28: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (account[_tcslen(account) - 1] == TEXT('\n')) {
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4081:21: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
account[_tcslen(account) - 1] = TEXT('\0');
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4083:31: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempAccount = malloc((_tcslen(domain) + _tcslen(account) + 2) * sizeof(TCHAR));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4083:49: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempAccount = malloc((_tcslen(domain) + _tcslen(account) + 2) * sizeof(TCHAR));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4090:33: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(tempAccount, _tcslen(domain) + _tcslen(account) + 2, TEXT("%s\\%s"), domain, account);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4090:51: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(tempAccount, _tcslen(domain) + _tcslen(account) + 2, TEXT("%s\\%s"), domain, account);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4137:45: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ntServicePassword != NULL) && (_tcslen(ntServicePassword) <= 0)) {
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4161:65: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((wrapperData->serviceDescription != NULL && _tcslen(wrapperData->serviceDescription) > 0)
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4167:52: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)(sizeof(TCHAR) * (_tcslen(wrapperData->serviceDescription) + 1)));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4306:62: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newVal = malloc(sizeof(TCHAR) * (_tcslen(oldVal) + 1 + _tcslen(value) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4306:84: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newVal = malloc(sizeof(TCHAR) * (_tcslen(oldVal) + 1 + _tcslen(value) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4312:48: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(newVal, _tcslen(oldVal) + 1 + _tcslen(value) + 1, TEXT("%s;%s"), oldVal, value);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4312:70: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(newVal, _tcslen(oldVal) + 1 + _tcslen(value) + 1, TEXT("%s;%s"), oldVal, value);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4533:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(subKey, prop + 18, 512);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4536:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(subKey, prop + 20, 512);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4539:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(subKey, prop + 18, 512);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4542:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(subKey, prop + 19, 512);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4545:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(subKey, prop + 11, 512);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4614:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(javaHome, value, 512);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4622:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(subKey, TEXT("SOFTWARE\\JavaSoft\\Java Runtime Environment"), 512);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4647:9: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(subKey, TEXT("\\"), 512);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4648:9: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(subKey, jreversion, 512);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4681:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(javaHome, value, 512);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4740:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(wrapperFullPath, path, FILEPATHSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4743:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(wrapperFullPath, path, FILEPATHSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4751:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(logFileFullPath, path, FILEPATHSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4754:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(logFileFullPath, path, FILEPATHSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4762:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(defaultLogFileFullPath, path, FILEPATHSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:4765:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(defaultLogFileFullPath, path, FILEPATHSIZE);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:5901:10: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(wcslen(inputString) + 1) * sizeof(WCHAR));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6181:16: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = _tcslen(TEXT(" Serial Number: ")) + dwData * 3 + 6 + _tcslen(TEXT(" Issuer Name: ")) + _tcslen(TEXT(" Subject Name: ")) + _tcslen(szName1) + _tcslen(szName2) + 5;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6181:72: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = _tcslen(TEXT(" Serial Number: ")) + dwData * 3 + 6 + _tcslen(TEXT(" Issuer Name: ")) + _tcslen(TEXT(" Subject Name: ")) + _tcslen(szName1) + _tcslen(szName2) + 5;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6181:109: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = _tcslen(TEXT(" Serial Number: ")) + dwData * 3 + 6 + _tcslen(TEXT(" Issuer Name: ")) + _tcslen(TEXT(" Subject Name: ")) + _tcslen(szName1) + _tcslen(szName2) + 5;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6181:147: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = _tcslen(TEXT(" Serial Number: ")) + dwData * 3 + 6 + _tcslen(TEXT(" Issuer Name: ")) + _tcslen(TEXT(" Subject Name: ")) + _tcslen(szName1) + _tcslen(szName2) + 5;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6181:166: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = _tcslen(TEXT(" Serial Number: ")) + dwData * 3 + 6 + _tcslen(TEXT(" Issuer Name: ")) + _tcslen(TEXT(" Subject Name: ")) + _tcslen(szName1) + _tcslen(szName2) + 5;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6187:29: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Serial Number: "));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6187:53: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Serial Number: "));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6188:29: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n %s\n"), serialNr);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6188:53: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n %s\n"), serialNr);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6189:29: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Issuer Name: %s"), szName1);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6189:53: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Issuer Name: %s"), szName1);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6190:9: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6190:45: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6191:29: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Subject Name: %s"), szName2);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6191:53: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Subject Name: %s"), szName2);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6280:25: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += _tcslen(TEXT(" Program Name : ")) + _tcslen(ProgPubInfo.lpszProgramName) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6280:64: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += _tcslen(TEXT(" Program Name : ")) + _tcslen(ProgPubInfo.lpszProgramName) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6287:25: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += _tcslen(TEXT(" Publisher Link : ")) + _tcslen(ProgPubInfo.lpszPublisherLink) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6287:66: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += _tcslen(TEXT(" Publisher Link : ")) + _tcslen(ProgPubInfo.lpszPublisherLink) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6295:25: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += _tcslen(TEXT(" MoreInfo Link : ")) + _tcslen(ProgPubInfo.lpszMoreInfoLink) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6295:65: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += _tcslen(TEXT(" MoreInfo Link : ")) + _tcslen(ProgPubInfo.lpszMoreInfoLink) + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6318:17: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += _tcslen(TEXT(" Signer Certificate:")) + _tcslen(string1) + 2;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6318:58: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += _tcslen(TEXT(" Signer Certificate:")) + _tcslen(string1) + 2;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6345:21: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += _tcslen(TEXT(" TimeStamp Certificate:")) + _tcslen(string2) + 2;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6345:65: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += _tcslen(TEXT(" TimeStamp Certificate:")) + _tcslen(string2) + 2;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6349:25: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += _tcslen( TEXT(" Date of TimeStamp : %04d/%02d/%02d %02d:%02d")) - 8 + 1;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6367:37: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Program Name : %s"),
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6367:61: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Program Name : %s"),
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6369:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6369:53: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6372:37: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Publisher Link : %s"),
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6372:61: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Publisher Link : %s"),
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6374:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6374:53: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6378:37: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" MoreInfo Link : %s"),
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6378:61: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" MoreInfo Link : %s"),
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6380:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6380:53: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncat(buffer, TEXT("\n"), size - _tcslen(buffer));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6383:29: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Signer Certificate:"));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6383:53: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Signer Certificate:"));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6384:29: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n%s\n"), string1);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6384:53: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n%s\n"), string1);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6386:33: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" TimeStamp Certificate:"));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6386:57: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" TimeStamp Certificate:"));
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6387:33: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n%s\n"), string2);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6387:57: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT("\n%s\n"), string2);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6390:33: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Date of TimeStamp : %04d/%02d/%02d %02d:%02d"),
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6390:57: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_sntprintf(buffer + _tcslen(buffer), size - _tcslen(buffer), TEXT(" Date of TimeStamp : %04d/%02d/%02d %02d:%02d"),
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:6734:29: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
_umask(wrapperData->umask);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7145:32: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (outbuf[_tcslen(outbuf) - 1] != TEXT('\n')) {
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7152:40: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (outbuf[_tcslen(outbuf) - 1] == TEXT('n')) {
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7154:40: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outbuf[_tcslen(outbuf) - 1] = TEXT('\0');
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7159:66: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (WriteFile(in, inbuf, (DWORD)(_tcslen(inbuf)) * sizeof(TCHAR), &inWritten, NULL) == FALSE) {
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7164:47: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (outbuf[_tcslen(outbuf) - 1] == TEXT('p')) {
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7167:40: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outbuf[_tcslen(outbuf) - 1] = TEXT('\0');
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7172:33: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(inbuf, secret, 1024);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7187:66: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (WriteFile(in, inbuf, (DWORD)(_tcslen(inbuf)) * sizeof(TCHAR), &inWritten, NULL) == FALSE) {
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7251:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(pipeBaseName) + 13;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7344:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(namedPipeName) + 4 + 9;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7510:24: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += _tcslen(argv[i]) + 3;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7514:16: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += _tcslen(strNamedPipeName) + 28 + 27;
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7523:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(parameter, TEXT(" "), len);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7527:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(parameter, TEXT("wrapper.console.flush=true wrapper.internal.namedpipe="), len);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7528:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(parameter, strNamedPipeName, len);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7530:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(parameter, TEXT(" --"), len);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7532:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(parameter, TEXT("\""), len);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7533:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(parameter, argv[i], len);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7534:17: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(parameter, TEXT("\""), len);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7538:13: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(parameter, TEXT(" wrapper.console.flush=true wrapper.internal.namedpipe="), len);
data/service-wrapper-java-3.5.30/src/c/wrapper_win.c:7539:13: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
_tcsncat(parameter, strNamedPipeName, len);
data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:176:21: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_umask = umask(newUmask);
data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:178:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(old_umask);
data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:180:21: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_umask = umask(newUmask);
data/service-wrapper-java-3.5.30/src/c/wrappereventloop.c:182:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(old_umask);
data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:120:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(ms * 1000); /* microseconds */
data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:164:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen(strW);
data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:218:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msgMB);
data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:355:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:459:70: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*propertyValue = malloc(sizeof(TCHAR) * (_tcslen(keyChars) + 1));
data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:464:33: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(*propertyValue, keyChars, _tcslen(keyChars) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:464:68: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcsncpy(*propertyValue, keyChars, _tcslen(keyChars) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:475:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*propertyValue = malloc(strlen((char*)keyChars) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:480:33: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)*propertyValue, (char*)keyChars, strlen((char*)keyChars) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapperjni.c:480:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy((char*)*propertyValue, (char*)keyChars, strlen((char*)keyChars) + 1);
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:184:57: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jMessage = (*env)->NewByteArray(env, (jsize)_tcslen(message) * sizeof(TCHAR));
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:187:62: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
JNU_SetByteArrayRegion(env, &jMessage, 0, (jsize)_tcslen(message) * sizeof(TCHAR), message);
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1249:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(localAddr, inet_ntoa(addr), sizeof(localAddr));
data/service-wrapper-java-3.5.30/src/c/wrapperjni_win.c:1254:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(remoteAddr, inet_ntoa(addr), sizeof(remoteAddr));
ANALYSIS SUMMARY:
Hits = 1260
Lines analyzed = 38028 in approximately 1.16 seconds (32695 lines/second)
Physical Source Lines of Code (SLOC) = 26242
Hits@level = [0] 25 [1] 635 [2] 150 [3] 20 [4] 380 [5] 75
Hits@level+ = [0+] 1285 [1+] 1260 [2+] 625 [3+] 475 [4+] 455 [5+] 75
Hits/KSLOC@level+ = [0+] 48.9673 [1+] 48.0146 [2+] 23.8168 [3+] 18.1008 [4+] 17.3386 [5+] 2.85801
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.