Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sylfilter-0.8/libsylph/procheader.c
Examining data/sylfilter-0.8/libsylph/procheader.h
Examining data/sylfilter-0.8/libsylph/procmsg.c
Examining data/sylfilter-0.8/libsylph/procmsg.h
Examining data/sylfilter-0.8/libsylph/procmime.c
Examining data/sylfilter-0.8/libsylph/procmime.h
Examining data/sylfilter-0.8/libsylph/codeconv.c
Examining data/sylfilter-0.8/libsylph/codeconv.h
Examining data/sylfilter-0.8/libsylph/base64.c
Examining data/sylfilter-0.8/libsylph/base64.h
Examining data/sylfilter-0.8/libsylph/quoted-printable.c
Examining data/sylfilter-0.8/libsylph/quoted-printable.h
Examining data/sylfilter-0.8/libsylph/unmime.c
Examining data/sylfilter-0.8/libsylph/unmime.h
Examining data/sylfilter-0.8/libsylph/uuencode.c
Examining data/sylfilter-0.8/libsylph/uuencode.h
Examining data/sylfilter-0.8/libsylph/html.c
Examining data/sylfilter-0.8/libsylph/html.h
Examining data/sylfilter-0.8/libsylph/utils.c
Examining data/sylfilter-0.8/libsylph/utils.h
Examining data/sylfilter-0.8/libsylph/defs.h
Examining data/sylfilter-0.8/lib/filter.h
Examining data/sylfilter-0.8/lib/filter-manager.h
Examining data/sylfilter-0.8/lib/filter-utils.h
Examining data/sylfilter-0.8/lib/filter-kvs.h
Examining data/sylfilter-0.8/lib/filter-kvs-qdbm.h
Examining data/sylfilter-0.8/lib/filter-kvs-sqlite.h
Examining data/sylfilter-0.8/lib/filter-kvs-gdbm.h
Examining data/sylfilter-0.8/lib/filter.c
Examining data/sylfilter-0.8/lib/filter-manager.c
Examining data/sylfilter-0.8/lib/filter-utils.c
Examining data/sylfilter-0.8/lib/filter-kvs.c
Examining data/sylfilter-0.8/lib/filter-kvs-qdbm.c
Examining data/sylfilter-0.8/lib/filter-kvs-sqlite.c
Examining data/sylfilter-0.8/lib/filter-kvs-gdbm.c
Examining data/sylfilter-0.8/lib/filter-private.h
Examining data/sylfilter-0.8/lib/filters/textcontent-filter.h
Examining data/sylfilter-0.8/lib/filters/blacklist-filter.h
Examining data/sylfilter-0.8/lib/filters/whitelist-filter.h
Examining data/sylfilter-0.8/lib/filters/wordsep-filter.h
Examining data/sylfilter-0.8/lib/filters/ngram-filter.h
Examining data/sylfilter-0.8/lib/filters/bayes-filter.h
Examining data/sylfilter-0.8/lib/filters/textcontent-filter.c
Examining data/sylfilter-0.8/lib/filters/blacklist-filter.c
Examining data/sylfilter-0.8/lib/filters/whitelist-filter.c
Examining data/sylfilter-0.8/lib/filters/wordsep-filter.c
Examining data/sylfilter-0.8/lib/filters/ngram-filter.c
Examining data/sylfilter-0.8/lib/filters/bayes-filter.c
Examining data/sylfilter-0.8/src/sylfilter.c

FINAL RESULTS:

data/sylfilter-0.8/libsylph/utils.c:126:12:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  retval = chmod(cp_path, mode);

data/sylfilter-0.8/libsylph/utils.c:135:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  return chmod(path, mode);

data/sylfilter-0.8/libsylph/utils.h:47:18:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  #define g_chmod chmod

data/sylfilter-0.8/lib/filter.c:163:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(d + len + 1, s); \

data/sylfilter-0.8/libsylph/procheader.c:698:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp, str);

data/sylfilter-0.8/libsylph/procmime.c:933:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(prev_empty_line, buf);

data/sylfilter-0.8/libsylph/procmime.c:1059:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(prev_empty_line, buf);

data/sylfilter-0.8/libsylph/utils.c:1731:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ap, p);

data/sylfilter-0.8/libsylph/utils.h:116:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__tmp, str); \

data/sylfilter-0.8/lib/filter-utils.c:129:11:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  return g_get_home_dir();

data/sylfilter-0.8/lib/filter-utils.c:134:9:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  return g_get_home_dir();

data/sylfilter-0.8/libsylph/utils.c:2174:14:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  home_dir = g_get_home_dir();

data/sylfilter-0.8/libsylph/utils.c:2181:9:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  return g_get_home_dir();

data/sylfilter-0.8/libsylph/utils.c:2984:21:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  buf_uniq[i] = tbl[g_random_int_range(0, sizeof(tbl) - 1)];

data/sylfilter-0.8/lib/filter-kvs-gdbm.c:129:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vbuf, dvalue.dptr, MIN(vsize, dvalue.dsize));

data/sylfilter-0.8/lib/filter-kvs-gdbm.c:156:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[1024];

data/sylfilter-0.8/lib/filter-kvs-gdbm.c:171:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(key, dkey.dptr, ksize);

data/sylfilter-0.8/lib/filter-kvs-qdbm.c:121:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vbuf[1024];

data/sylfilter-0.8/lib/filter-kvs-sqlite.c:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/sylfilter-0.8/lib/filter-kvs-sqlite.c:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/sylfilter-0.8/lib/filter-kvs-sqlite.c:116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/sylfilter-0.8/lib/filter-kvs-sqlite.c:140:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *((gint32 *)data) = atoi(val);

data/sylfilter-0.8/lib/filter-kvs-sqlite.c:147:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/sylfilter-0.8/lib/filter-kvs-sqlite.c:203:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *((int *)data) = atoi(val);

data/sylfilter-0.8/lib/filter-kvs-sqlite.c:210:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/sylfilter-0.8/lib/filter-kvs-sqlite.c:242:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ival = atoi(val);

data/sylfilter-0.8/lib/filter-kvs-sqlite.c:252:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/sylfilter-0.8/lib/filter-kvs.c:54:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  g_return_val_if_fail(ke.open != NULL, NULL);

data/sylfilter-0.8/lib/filter-kvs.c:55:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return ke.open(dbfile);

data/sylfilter-0.8/lib/filter-kvs.c:122:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vbuf[4];

data/sylfilter-0.8/lib/filter-kvs.c:139:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vbuf[4];

data/sylfilter-0.8/lib/filter-kvs.c:161:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vbuf[4];

data/sylfilter-0.8/lib/filter-kvs.c:182:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vbuf[4];

data/sylfilter-0.8/lib/filter-kvs.h:16:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  XFilterKVS * (*open) (const char *dbfile);

data/sylfilter-0.8/lib/filter-private.h:25:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *input_mime_types[8];

data/sylfilter-0.8/lib/filter-utils.c:123:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t path[MAX_PATH + 1];

data/sylfilter-0.8/lib/filter.c:388:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/sylfilter-0.8/lib/filters/bayes-filter.c:861:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/sylfilter-0.8/lib/filters/textcontent-filter.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8192];

data/sylfilter-0.8/lib/filters/textcontent-filter.c:135:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p + 1, " ", 2);

data/sylfilter-0.8/lib/filters/textcontent-filter.c:137:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p + 1, " ", 4);

data/sylfilter-0.8/lib/filters/textcontent-filter.c:139:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p + 1, " ", 3);

data/sylfilter-0.8/lib/filters/textcontent-filter.c:141:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p + 1, " ", 2);

data/sylfilter-0.8/libsylph/base64.c:142:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(decoder->buf, buf, sizeof(buf));

data/sylfilter-0.8/libsylph/html.c:616:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ch = atoi(symbol_name + 2);

data/sylfilter-0.8/libsylph/procmime.c:521:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  count = atoi(next);

data/sylfilter-0.8/libsylph/procmime.c:746:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  t = atoi(param->value);

data/sylfilter-0.8/libsylph/procmime.c:750:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n = atoi(param->value);

data/sylfilter-0.8/libsylph/procmime.c:1043:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(prev_empty_line, "\r\n");

data/sylfilter-0.8/libsylph/unmime.c:81:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(charset, eword_begin_p + 2, len);

data/sylfilter-0.8/libsylph/utils.c:299:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(nstr);

data/sylfilter-0.8/libsylph/utils.c:2153:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t path[MAX_PATH + 1];

data/sylfilter-0.8/libsylph/utils.c:3161:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fname, tmpdir, tmplen);

data/sylfilter-0.8/libsylph/utils.c:3163:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fname + tmplen + 1, progname, proglen);

data/sylfilter-0.8/libsylph/utils.c:3164:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fname + tmplen + 1 + proglen, suffix, sizeof(suffix));

data/sylfilter-0.8/libsylph/utils.c:3169:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  return tmpfile();

data/sylfilter-0.8/libsylph/utils.h:30:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define g_open open

data/sylfilter-0.8/libsylph/utils.h:38:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define g_fopen fopen

data/sylfilter-0.8/libsylph/utils.h:147:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(__tmp, str1, len1); \

data/sylfilter-0.8/libsylph/utils.h:148:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(__tmp + len1, str2, len2 + 1); \

data/sylfilter-0.8/libsylph/uuencode.c:11:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char uudigit[64] =

data/sylfilter-0.8/lib/filter-kvs-gdbm.c:75:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dkey.dsize = strlen(key);

data/sylfilter-0.8/lib/filter-kvs-gdbm.c:92:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dkey.dsize = strlen(key);

data/sylfilter-0.8/lib/filter-kvs-gdbm.c:107:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dkey.dsize = strlen(key);

data/sylfilter-0.8/lib/filter-kvs-gdbm.c:124:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dkey.dsize = strlen(key);

data/sylfilter-0.8/lib/filter.c:160:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(d); \

data/sylfilter-0.8/lib/filter.c:161:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  d = g_realloc(d, len + strlen(s) + 2); \

data/sylfilter-0.8/libsylph/codeconv.c:179:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuf = g_malloc(strlen(inbuf) * 2 + 1);

data/sylfilter-0.8/libsylph/codeconv.c:264:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuf = g_malloc(strlen(inbuf) * 2 + 1);

data/sylfilter-0.8/libsylph/codeconv.c:444:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuf = g_malloc(strlen(inbuf) * 3 + 4);

data/sylfilter-0.8/libsylph/codeconv.c:581:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuf = g_malloc(strlen(inbuf) * 5 + 4);

data/sylfilter-0.8/libsylph/codeconv.c:679:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuf = g_malloc(strlen(inbuf) * 2 + 1);

data/sylfilter-0.8/libsylph/codeconv.c:1053:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(p, p + 1, strlen(p));

data/sylfilter-0.8/libsylph/codeconv.c:1096:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(p, p + 1, strlen(p));

data/sylfilter-0.8/libsylph/codeconv.c:1110:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(p, p + 1, strlen(p));

data/sylfilter-0.8/libsylph/codeconv.c:1143:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);

data/sylfilter-0.8/libsylph/codeconv.c:1535:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  in_size = strlen(inbuf);

data/sylfilter-0.8/libsylph/codeconv.c:1976:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(locale_table[i].locale))) {

data/sylfilter-0.8/libsylph/codeconv.c:1982:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cur_locale) == 2 &&

data/sylfilter-0.8/libsylph/codeconv.c:2067:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(locale_table[i].locale))) {

data/sylfilter-0.8/libsylph/codeconv.c:2072:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cur_locale) == 2 &&

data/sylfilter-0.8/libsylph/codeconv.c:2276:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mimestr_len = strlen(MIMESEP_BEGIN) + strlen(mimesep_enc) +

data/sylfilter-0.8/libsylph/codeconv.c:2276:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mimestr_len = strlen(MIMESEP_BEGIN) + strlen(mimesep_enc) +

data/sylfilter-0.8/libsylph/codeconv.c:2277:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(MIMESEP_END);

data/sylfilter-0.8/libsylph/codeconv.c:2354:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out_str_len = strlen(out_str);

data/sylfilter-0.8/libsylph/codeconv.c:2366:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (mimestr_len + strlen(block_encoding) + out_enc_str_len <= left) {

data/sylfilter-0.8/libsylph/codeconv.c:2393:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out_str_len = strlen(out_str);

data/sylfilter-0.8/libsylph/codeconv.c:2412:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(block_encoding) +

data/sylfilter-0.8/libsylph/codeconv.c:2413:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(enc_str);

data/sylfilter-0.8/libsylph/codeconv.c:2458:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outp = out = g_malloc(strlen(str) * 3 + 1);

data/sylfilter-0.8/libsylph/codeconv.c:2494:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_len = strlen(param_name);

data/sylfilter-0.8/libsylph/codeconv.c:2508:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(enc_str) <= max_linelen) {

data/sylfilter-0.8/libsylph/procheader.c:44:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(hp->name)))

data/sylfilter-0.8/libsylph/procheader.c:56:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gchar *bufp = buf + strlen(buf);

data/sylfilter-0.8/libsylph/procheader.c:64:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nexthead = fgetc(fp);

data/sylfilter-0.8/libsylph/procheader.c:88:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufp += strlen(bufp);

data/sylfilter-0.8/libsylph/procheader.c:106:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nexthead = fgetc(fp);

data/sylfilter-0.8/libsylph/procheader.c:108:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t buflen = strlen(buf);

data/sylfilter-0.8/libsylph/procheader.c:142:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufp = buf + strlen(buf);

data/sylfilter-0.8/libsylph/procheader.c:150:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nexthead = fgetc(fp);

data/sylfilter-0.8/libsylph/procheader.c:174:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufp += strlen(bufp);

data/sylfilter-0.8/libsylph/procheader.c:442:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = buf + strlen(hp->name);

data/sylfilter-0.8/libsylph/procheader.c:566:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hp = buf + strlen(hentry[hnum].name);

data/sylfilter-0.8/libsylph/procheader.c:749:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  result = sscanf(str, "%10s %d %9s %d %2d:%2d:%2d %5s",

data/sylfilter-0.8/libsylph/procheader.c:753:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  result = sscanf(str, "%3s,%d %9s %d %2d:%2d:%2d %5s",

data/sylfilter-0.8/libsylph/procheader.c:757:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  result = sscanf(str, "%d %9s %d %2d:%2d:%2d %5s",

data/sylfilter-0.8/libsylph/procheader.c:762:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  result = sscanf(str, "%10s %d %9s %d %2d:%2d:%2d",

data/sylfilter-0.8/libsylph/procheader.c:766:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  result = sscanf(str, "%d %9s %d %2d:%2d:%2d",

data/sylfilter-0.8/libsylph/procheader.c:771:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  result = sscanf(str, "%10s %d %9s %d %2d:%2d %5s",

data/sylfilter-0.8/libsylph/procheader.c:775:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  result = sscanf(str, "%d %9s %d %2d:%2d %5s",

data/sylfilter-0.8/libsylph/procheader.c:780:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  result = sscanf(str, "%10s %d %9s %d %2d:%2d",

data/sylfilter-0.8/libsylph/procheader.c:784:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  result = sscanf(str, "%d %9s %d %2d:%2d",

data/sylfilter-0.8/libsylph/procmime.c:213:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  boundary_len = strlen(boundary);

data/sylfilter-0.8/libsylph/procmime.c:224:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  boundary_len = strlen(boundary);

data/sylfilter-0.8/libsylph/procmime.c:307:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf);

data/sylfilter-0.8/libsylph/procmime.c:320:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fpos - partinfo->sub->fpos - strlen(buf);

data/sylfilter-0.8/libsylph/procmime.c:594:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dec_value = g_malloc(strlen(begin) + 1);

data/sylfilter-0.8/libsylph/procmime.c:620:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dec_value = g_malloc(strlen(begin) + 1);

data/sylfilter-0.8/libsylph/procmime.c:819:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (mimeinfo, buf + strlen(hp->name));

data/sylfilter-0.8/libsylph/procmime.c:822:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (mimeinfo, buf + strlen(hp->name));

data/sylfilter-0.8/libsylph/procmime.c:825:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (mimeinfo, buf + strlen(hp->name));

data/sylfilter-0.8/libsylph/procmime.c:854:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf);

data/sylfilter-0.8/libsylph/procmime.c:899:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  boundary_len = strlen(boundary);

data/sylfilter-0.8/libsylph/procmime.c:1027:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf);

data/sylfilter-0.8/libsylph/procmime.c:1051:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(prev_empty_line, "\n");

data/sylfilter-0.8/libsylph/procmime.c:1688:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  total_len = strlen(str);

data/sylfilter-0.8/libsylph/unmime.c:35:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
outbuf = g_string_sized_new(strlen(encoded_str) * 2); data/sylfilter-0.8/libsylph/utils.c:383:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len1 = strlen(s1); data/sylfilter-0.8/libsylph/utils.c:384:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen(s2); data/sylfilter-0.8/libsylph/utils.c:412:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(parent); data/sylfilter-0.8/libsylph/utils.c:437:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (s = str + strlen(str) - 1; data/sylfilter-0.8/libsylph/utils.c:453:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (s = str + strlen(str) - 1; s >= str && *s == tail_char; s--) data/sylfilter-0.8/libsylph/utils.c:466:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = str + strlen(str) - 1; data/sylfilter-0.8/libsylph/utils.c:480:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). haystack_len = strlen(haystack); data/sylfilter-0.8/libsylph/utils.c:481:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
needle_len = strlen(needle); data/sylfilter-0.8/libsylph/utils.c:545:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/sylfilter-0.8/libsylph/utils.c:546:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s_len = strlen(suffix); data/sylfilter-0.8/libsylph/utils.c:656:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(str, srcp, strlen(srcp) + 1); data/sylfilter-0.8/libsylph/utils.c:669:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(str, srcp, strlen(srcp) + 1); data/sylfilter-0.8/libsylph/utils.c:706:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(destp, srcp, strlen(srcp) + 1); data/sylfilter-0.8/libsylph/utils.c:729:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(destp, srcp, strlen(srcp) + 1); data/sylfilter-0.8/libsylph/utils.c:743:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(destp, srcp + 1, strlen(srcp)); data/sylfilter-0.8/libsylph/utils.c:802:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memmove(destp, srcp + 1, strlen(srcp)); data/sylfilter-0.8/libsylph/utils.c:831:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(destp, srcp, strlen(srcp) + 1); data/sylfilter-0.8/libsylph/utils.c:884:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(destp, srcp, strlen(srcp) + 1); data/sylfilter-0.8/libsylph/utils.c:907:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(destp, srcp, strlen(srcp) + 1); data/sylfilter-0.8/libsylph/utils.c:931:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = str + strlen(str) - 1; data/sylfilter-0.8/libsylph/utils.c:1216:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p, p + 1, strlen(p)); data/sylfilter-0.8/libsylph/utils.c:1232:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p, p + spc, strlen(p + spc) + 1); data/sylfilter-0.8/libsylph/utils.c:1250:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p, p + spc, strlen(p + spc) + 1); data/sylfilter-0.8/libsylph/utils.c:1411:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(p); data/sylfilter-0.8/libsylph/utils.c:1426:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). haystack_len = strlen(haystack); data/sylfilter-0.8/libsylph/utils.c:1427:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). needle_len = strlen(needle); data/sylfilter-0.8/libsylph/utils.c:1463:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). haystack_len = strlen(haystack); data/sylfilter-0.8/libsylph/utils.c:1464:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). needle_len = strlen(needle); data/sylfilter-0.8/libsylph/utils.c:1550:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(new_string, str, len); data/sylfilter-0.8/libsylph/utils.c:1597:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). guint delimiter_len = strlen(delim); data/sylfilter-0.8/libsylph/utils.c:1619:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/sylfilter-0.8/libsylph/utils.c:1681:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(str); data/sylfilter-0.8/libsylph/utils.c:1721:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). last = group + strlen(group); data/sylfilter-0.8/libsylph/utils.c:1722:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). abbrev_group = ap = g_malloc(strlen(group) + 1); data/sylfilter-0.8/libsylph/utils.c:1748:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) <= len) data/sylfilter-0.8/libsylph/utils.c:1775:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((new_len = strlen(str)) <= len) data/sylfilter-0.8/libsylph/utils.c:1835:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(file, p, q - p + 1); data/sylfilter-0.8/libsylph/utils.c:1998:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outp = enc = g_malloc(strlen(filename) * 3 + 1); data/sylfilter-0.8/libsylph/utils.c:2018:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outp = enc = g_malloc(strlen(mailto) * 3 + 1); data/sylfilter-0.8/libsylph/utils.c:2051:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
*to = g_malloc(strlen(tmp_mailto) + 1); data/sylfilter-0.8/libsylph/utils.c:2076:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *cc = g_malloc(strlen(value) + 1); data/sylfilter-0.8/libsylph/utils.c:2079:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *bcc = g_malloc(strlen(value) + 1); data/sylfilter-0.8/libsylph/utils.c:2083:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *subject = g_malloc(strlen(value) + 1); data/sylfilter-0.8/libsylph/utils.c:2087:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *inreplyto = g_malloc(strlen(value) + 1); data/sylfilter-0.8/libsylph/utils.c:2091:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *body = g_malloc(strlen(value) + 1); data/sylfilter-0.8/libsylph/utils.c:2357:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += strlen(buf) + 2; data/sylfilter-0.8/libsylph/utils.c:2603:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/sylfilter-0.8/libsylph/utils.c:2669:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(buf); data/sylfilter-0.8/libsylph/utils.c:2785:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = outp = g_malloc(strlen(str) + 1); data/sylfilter-0.8/libsylph/utils.c:2805:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = outp = g_malloc(strlen(str) + 1); data/sylfilter-0.8/libsylph/utils.c:2812:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(outp, p, last - p); data/sylfilter-0.8/libsylph/utils.c:2816:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(outp, newline - 1, 2); data/sylfilter-0.8/libsylph/utils.c:2824:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (last = p + strlen(p); data/sylfilter-0.8/libsylph/utils.c:2827:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(outp, p, last - p); data/sylfilter-0.8/libsylph/utils.c:2856:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). next = fgetc(fp); data/sylfilter-0.8/libsylph/utils.c:2918:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). next = fgetc(fp); data/sylfilter-0.8/libsylph/utils.c:3154:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tmplen = strlen(tmpdir); data/sylfilter-0.8/libsylph/utils.c:3158:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). proglen = strlen(progname); data/sylfilter-0.8/libsylph/utils.c:3199:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/sylfilter-0.8/libsylph/utils.c:3230:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/sylfilter-0.8/libsylph/utils.c:3312:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(zone3, zone, 3); data/sylfilter-0.8/libsylph/utils.c:3324:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (strlen(zone3) == 3) { data/sylfilter-0.8/libsylph/utils.c:3334:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (strlen(zone3) == 1) { data/sylfilter-0.8/libsylph/utils.c:3455:2: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(asctime(lt), "%3s %3s %d %d:%d:%d %d\n", data/sylfilter-0.8/libsylph/utils.h:112:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((__tmp = alloca(strlen(str) + 1)) == NULL) { \ data/sylfilter-0.8/libsylph/utils.h:129:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(__tmp, str, len); \ data/sylfilter-0.8/libsylph/utils.h:141:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len1 = strlen(str1); \ data/sylfilter-0.8/libsylph/utils.h:142:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen(str2); \ ANALYSIS SUMMARY: Hits = 195 Lines analyzed = 15878 in approximately 0.34 seconds (46229 lines/second) Physical Source Lines of Code (SLOC) = 12806 Hits@level = [0] 100 [1] 134 [2] 47 [3] 5 [4] 6 [5] 3 Hits@level+ = [0+] 295 [1+] 195 [2+] 61 [3+] 14 [4+] 9 [5+] 3 Hits/KSLOC@level+ = [0+] 23.0361 [1+] 15.2272 [2+] 4.76339 [3+] 1.09324 [4+] 0.702796 [5+] 0.234265 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
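The sscanf hits in procheader.c and utils.c and the strncpy hits in utils.c and utils.h all reduce to one CWE-120 question a reviewer has to answer by hand: is the bound given to the call derived from the destination's size, with one byte left for the terminator? The C below is an added example written for this report, not sylfilter's code. It reuses the flagged "%3s,%d %9s %d %2d:%2d:%2d %5s" format and the zone3 idiom from utils.c:3312; the struct, macros, function names and sample inputs are its own. Compile with cc -std=c11 -Wall.

```c
/* Added example, not sylfilter code.  Two rules behind the sscanf and
 * strncpy hits, as code that can be checked:
 *   1. a scanf width N needs a destination of N + 1 bytes (N characters
 *      plus the NUL that %s always appends);
 *   2. strncpy(dst, src, n) writes no NUL when strlen(src) >= n, so the
 *      caller must leave a zeroed byte beyond n or terminate itself.
 * Format string and zone3 idiom mirror the flagged lines; everything else
 * (struct, macros, function names, inputs) is this example's own. */
#include <stdio.h>
#include <string.h>

/* Derive the %Ns widths and the buffer sizes from the same constants, so
 * the format cannot silently outgrow the buffers it writes into. */
#define STR_(x) #x
#define STR(x)  STR_(x)
#define WEEKDAY_W 3
#define MONTH_W   9
#define ZONE_W    5

struct rfc822_date {
    char weekday[WEEKDAY_W + 1];
    char month[MONTH_W + 1];
    char zone[ZONE_W + 1];
    int day, year, hour, min, sec;
};

/* Parse e.g. "Mon, 1 Jan 2024 12:34:56 +0900".  Returns the number of
 * fields sscanf matched (8 on success).  A token longer than its width
 * is cut, never overflowed: "Monday," stops after "Mon", the literal ','
 * then fails against 'd', and the call returns 1. */
int parse_rfc822_date(const char *str, struct rfc822_date *out)
{
    memset(out, 0, sizeof *out);
    return sscanf(str,
                  "%" STR(WEEKDAY_W) "s,%d %" STR(MONTH_W) "s %d "
                  "%2d:%2d:%2d %" STR(ZONE_W) "s",
                  out->weekday, &out->day, out->month, &out->year,
                  &out->hour, &out->min, &out->sec, out->zone);
}

/* strlcpy-style bounded copy: writes at most dstsz - 1 bytes and always
 * terminates.  Returns strlen(src); a result >= dstsz means truncation. */
size_t copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsz == 0)
        return srclen;
    size_t n = srclen < dstsz - 1 ? srclen : dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen;
}

/* After a raw strncpy(dst, src, n) this decides whether strlen(dst) is
 * safe: strncpy wrote a NUL only if strlen(src) < n. */
int strncpy_terminated(const char *dst, size_t n)
{
    return memchr(dst, '\0', n) != NULL;
}

/* The utils.c idiom: strncpy(zone3, zone, 3) into a 4-byte buffer, then
 * strlen(zone3).  That is sound only because byte 3 is never written and
 * starts out as NUL; copy_bounded() gives the same answer ("JST" -> 3,
 * "Z" -> 1) without that precondition. */
int zone_abbrev_len(const char *zone)
{
    char zone3[4];
    copy_bounded(zone3, sizeof zone3, zone);
    return (int)strlen(zone3);
}

/* The failure mode strncpy_terminated() catches: n == sizeof buf leaves
 * no room for a NUL once the source fills the buffer.  Only memchr looks
 * at buf here, so nothing reads past the four initialised bytes. */
int raw_strncpy_leaves_nul(const char *src)
{
    char buf[4];
    strncpy(buf, src, sizeof buf);
    return strncpy_terminated(buf, sizeof buf);
}
```

A width-limited %s protects the buffer but does not validate the token: "+09000000" parses as "+0900" and the call still returns 8, so check the returned count and, if trailing input matters, add a %n conversion and compare it with strlen(str).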