Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tnftp-20200705/tnftp.h
Examining data/tnftp-20200705/src/extern.h
Examining data/tnftp-20200705/src/util.c
Examining data/tnftp-20200705/src/domacro.c
Examining data/tnftp-20200705/src/ftp.c
Examining data/tnftp-20200705/src/ruserpass.c
Examining data/tnftp-20200705/src/version.h
Examining data/tnftp-20200705/src/ssl.c
Examining data/tnftp-20200705/src/fetch.c
Examining data/tnftp-20200705/src/progressbar.c
Examining data/tnftp-20200705/src/ssl.h
Examining data/tnftp-20200705/src/progressbar.h
Examining data/tnftp-20200705/src/cmds.c
Examining data/tnftp-20200705/src/cmdtab.c
Examining data/tnftp-20200705/src/ftp_var.h
Examining data/tnftp-20200705/src/main.c
Examining data/tnftp-20200705/src/complete.c
Examining data/tnftp-20200705/libnetbsd/strerror.c
Examining data/tnftp-20200705/libnetbsd/fseeko.c
Examining data/tnftp-20200705/libnetbsd/inet_ntop.c
Examining data/tnftp-20200705/libnetbsd/strlcpy.c
Examining data/tnftp-20200705/libnetbsd/timegm.c
Examining data/tnftp-20200705/libnetbsd/inet_pton.c
Examining data/tnftp-20200705/libnetbsd/strvis.c
Examining data/tnftp-20200705/libnetbsd/strdup.c
Examining data/tnftp-20200705/libnetbsd/strunvis.c
Examining data/tnftp-20200705/libnetbsd/snprintf.c
Examining data/tnftp-20200705/libnetbsd/err.c
Examining data/tnftp-20200705/libnetbsd/strptime.c
Examining data/tnftp-20200705/libnetbsd/utimes.c
Examining data/tnftp-20200705/libnetbsd/getnameinfo.c
Examining data/tnftp-20200705/libnetbsd/getaddrinfo.c
Examining data/tnftp-20200705/libnetbsd/sl_init.c
Examining data/tnftp-20200705/libnetbsd/ftpvis.h
Examining data/tnftp-20200705/libnetbsd/setprogname.c
Examining data/tnftp-20200705/libnetbsd/glob.c
Examining data/tnftp-20200705/libnetbsd/dirname.c
Examining data/tnftp-20200705/libnetbsd/mkstemp.c
Examining data/tnftp-20200705/libnetbsd/strtoll.c
Examining data/tnftp-20200705/libnetbsd/ftpglob.h
Examining data/tnftp-20200705/libnetbsd/strlcat.c
Examining data/tnftp-20200705/libnetbsd/usleep.c
Examining data/tnftp-20200705/libnetbsd/strsep.c
Examining data/tnftp-20200705/libnetbsd/libnetbsd.c
Examining data/tnftp-20200705/libnetbsd/fgetln.c
Examining data/tnftp-20200705/libnetbsd/vasprintf.c
Examining data/tnftp-20200705/libedit/keymacro.h
Examining data/tnftp-20200705/libedit/terminal.h
Examining data/tnftp-20200705/libedit/historyn.c
Examining data/tnftp-20200705/libedit/hist.h
Examining data/tnftp-20200705/libedit/refresh.c
Examining data/tnftp-20200705/libedit/chared.c
Examining data/tnftp-20200705/libedit/hist.c
Examining data/tnftp-20200705/libedit/chartype.c
Examining data/tnftp-20200705/libedit/tokenizer.c
Examining data/tnftp-20200705/libedit/sys.h
Examining data/tnftp-20200705/libedit/tokenizern.c
Examining data/tnftp-20200705/libedit/literal.h
Examining data/tnftp-20200705/libedit/el.c
Examining data/tnftp-20200705/libedit/literal.c
Examining data/tnftp-20200705/libedit/prompt.h
Examining data/tnftp-20200705/libedit/filecomplete.h
Examining data/tnftp-20200705/libedit/keymacro.c
Examining data/tnftp-20200705/libedit/search.h
Examining data/tnftp-20200705/libedit/sig.c
Examining data/tnftp-20200705/libedit/search.c
Examining data/tnftp-20200705/libedit/terminal.c
Examining data/tnftp-20200705/libedit/chared.h
Examining data/tnftp-20200705/libedit/config.h
Examining data/tnftp-20200705/libedit/filecomplete.c
Examining data/tnftp-20200705/libedit/TEST/wtc1.c
Examining data/tnftp-20200705/libedit/TEST/tc1.c
Examining data/tnftp-20200705/libedit/TEST/test_filecompletion.c
Examining data/tnftp-20200705/libedit/TEST/rl1.c
Examining data/tnftp-20200705/libedit/sig.h
Examining data/tnftp-20200705/libedit/readline.c
Examining data/tnftp-20200705/libedit/parse.c
Examining data/tnftp-20200705/libedit/common.c
Examining data/tnftp-20200705/libedit/chartype.h
Examining data/tnftp-20200705/libedit/parse.h
Examining data/tnftp-20200705/libedit/prompt.c
Examining data/tnftp-20200705/libedit/emacs.c
Examining data/tnftp-20200705/libedit/el.h
Examining data/tnftp-20200705/libedit/history.c
Examining data/tnftp-20200705/libedit/eln.c
Examining data/tnftp-20200705/libedit/tty.h
Examining data/tnftp-20200705/libedit/map.h
Examining data/tnftp-20200705/libedit/refresh.h
Examining data/tnftp-20200705/libedit/vi.c
Examining data/tnftp-20200705/libedit/map.c
Examining data/tnftp-20200705/libedit/tty.c
Examining data/tnftp-20200705/libedit/readline/readline.h
Examining data/tnftp-20200705/libedit/histedit.h
Examining data/tnftp-20200705/libedit/read.h
Examining data/tnftp-20200705/libedit/read.c
FINAL RESULTS:
data/tnftp-20200705/src/ftp.c:978:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(local, (S_IRUSR|S_IWUSR)) < 0) {
data/tnftp-20200705/libedit/TEST/tc1.c:279:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(av[0], (char *const *)__UNCONST(av));
data/tnftp-20200705/libedit/TEST/wtc1.c:249:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(nav[0],(char **)nav);
data/tnftp-20200705/libedit/el.h:153:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf a; \
data/tnftp-20200705/libedit/filecomplete.c:349:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(filename, temp);
data/tnftp-20200705/libedit/keymacro.c:602:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(el->el_outfile, fmt,
data/tnftp-20200705/libedit/keymacro.c:610:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(el->el_outfile, fmt,
data/tnftp-20200705/libedit/keymacro.c:626:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(el->el_outfile, fmt, ct_encode_string(key,
data/tnftp-20200705/libedit/readline.c:532:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(r, s);
data/tnftp-20200705/libedit/readline.c:890:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(&with[len], from);
data/tnftp-20200705/libedit/readline.c:944:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy((*output) + 4, str);
data/tnftp-20200705/libedit/readline.c:1090:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(result + len, arr[i]);
data/tnftp-20200705/libedit/readline.c:1233:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(template, _history_tmp_template);
data/tnftp-20200705/libedit/refresh.c:75:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf b; \
data/tnftp-20200705/libedit/terminal.c:365:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(*str, cap); /* XXX strcpy is safe */
data/tnftp-20200705/libedit/terminal.c:373:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(*str = &el->el_terminal.t_buf[
data/tnftp-20200705/libedit/terminal.c:399:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(*str = &el->el_terminal.t_buf[el->el_terminal.t_loc],
data/tnftp-20200705/libedit/terminal.c:1485:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(el->el_outfile, fmts, EL_CAN_TAB ? "yes" : "no");
data/tnftp-20200705/libedit/terminal.c:1488:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(el->el_outfile, fmts, Val(T_km) ? "yes" : "no");
data/tnftp-20200705/libedit/terminal.c:1491:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(el->el_outfile, fmts, EL_HAS_MAGIC_MARGINS ?
data/tnftp-20200705/libedit/terminal.c:1495:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(el->el_outfile, fmts, EL_HAS_AUTO_MARGINS ?
data/tnftp-20200705/libedit/terminal.c:1499:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(el->el_outfile, fmtd, (int)el->el_tty.t_speed);
data/tnftp-20200705/libedit/terminal.c:1503:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(el->el_outfile, fmtd, Val(T_li));
data/tnftp-20200705/libedit/terminal.c:1506:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(el->el_outfile, fmtd, Val(T_co));
data/tnftp-20200705/libedit/vi.c:1047:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("vi", "vi", tempfile, (char *)NULL);
data/tnftp-20200705/libnetbsd/err.c:40:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)vfprintf(stderr, fmt, ap);
data/tnftp-20200705/libnetbsd/err.c:56:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)vfprintf(stderr, fmt, ap);
data/tnftp-20200705/libnetbsd/err.c:72:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)vfprintf(stderr, fmt, ap);
data/tnftp-20200705/libnetbsd/err.c:87:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)vfprintf(stderr, fmt, ap);
data/tnftp-20200705/libnetbsd/getaddrinfo.c:903:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ai->ai_canonname, str);
data/tnftp-20200705/libnetbsd/getnameinfo.c:144:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(serv, sp->s_name);
data/tnftp-20200705/libnetbsd/getnameinfo.c:149:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(serv, numserv);
data/tnftp-20200705/libnetbsd/getnameinfo.c:222:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(host, numaddr);
data/tnftp-20200705/libnetbsd/getnameinfo.c:244:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(host, hp->h_name);
data/tnftp-20200705/libnetbsd/getnameinfo.c:287:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(host, numaddr);
data/tnftp-20200705/libnetbsd/snprintf.c:670:1: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(char *str, size_t count, const char *fmt, va_list args)
data/tnftp-20200705/libnetbsd/snprintf.c:681:1: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(char *str, size_t count, const char *fmt, ...)
data/tnftp-20200705/libnetbsd/snprintf.c:687:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rv = vsnprintf(str, count, fmt, ap);
data/tnftp-20200705/libnetbsd/snprintf.c:755:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf1, sizeof(buf1), fp_fmt[x], fp_nums[y]);
data/tnftp-20200705/libnetbsd/snprintf.c:756:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf2, fp_fmt[x], fp_nums[y]);
data/tnftp-20200705/libnetbsd/snprintf.c:771:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = snprintf(buf1, sizeof(buf1), int_fmt[x], int_nums[y]);
data/tnftp-20200705/libnetbsd/snprintf.c:773:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf2, int_fmt[x], int_nums[y]);
data/tnftp-20200705/libnetbsd/vasprintf.c:60:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
retval = vsnprintf(buf, len, fmt, ap);
data/tnftp-20200705/libnetbsd/vasprintf.c:86:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
retval = vsnprintf(buf, len, fmt, ap2);
data/tnftp-20200705/src/cmds.c:1464:4: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(shellp, shellnam, "-c", altarg, (char *)0);
data/tnftp-20200705/src/cmds.c:1467:4: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(shellp, shellnam, (char *)0);
data/tnftp-20200705/src/cmds.c:1508:15: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
password = getpass("Password: ");
data/tnftp-20200705/src/cmds.c:1520:15: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
password = getpass("Account: ");
data/tnftp-20200705/src/cmds.c:1832:8: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
ap = getpass("Account:");
data/tnftp-20200705/src/cmds.c:2603:2: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(pager);
data/tnftp-20200705/src/fetch.c:288:13: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
gotpass = getpass("Password: ");
data/tnftp-20200705/src/fetch.c:783:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(ttyout, "restarting at " LLF, (LLT)restart_point);
data/tnftp-20200705/src/fetch.c:951:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(ttyout, LLF "-" LLF, (LLT)pi->rangestart,
data/tnftp-20200705/src/fetch.c:1531:11: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fout = popen(savefile + 1, "w");
data/tnftp-20200705/src/ftp.c:348:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(ttyout, fmt, ap);
data/tnftp-20200705/src/ftp.c:364:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(cout, fmt, ap);
data/tnftp-20200705/src/ftp.c:724:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fin = popen(local + 1, "r");
data/tnftp-20200705/src/ftp.c:958:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(local, W_OK) < 0) {
data/tnftp-20200705/src/ftp.c:968:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
d = access(dir == local ? "/" :
data/tnftp-20200705/src/ftp.c:1029:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fout = popen(local + 1, "w");
data/tnftp-20200705/src/ftp.c:2015:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
d = access(cp == local ? "/" : cp ? local : ".", W_OK);
data/tnftp-20200705/src/ftp.c:2037:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((d = access(new, F_OK)) < 0)
data/tnftp-20200705/src/ftp_var.h:350:49: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DPRINTF(...) DWFTP(if (ftp_debug) (void)fprintf(ttyout, __VA_ARGS__))
data/tnftp-20200705/src/ftp_var.h:360:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define UPRINTF(...) (void)fprintf(ttyout, __VA_ARGS__)
data/tnftp-20200705/src/main.c:467:7: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
cp = getlogin();
data/tnftp-20200705/src/progressbar.c:340:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len += snprintf(buf + len, BUFLEFT, LLF " byte%s %s in ",
data/tnftp-20200705/src/ssl.h:52:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define fetch_printf fprintf
data/tnftp-20200705/src/util.c:446:8: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
p = getpass("Password: ");
data/tnftp-20200705/src/util.c:458:8: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
p = getpass("Account: ");
data/tnftp-20200705/tnftp.h:347:7: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
char *getpass(const char *);
data/tnftp-20200705/tnftp.h:399:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf(char *, size_t, const char *, ...);
data/tnftp-20200705/tnftp.h:458:10: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
# define getpass getpassphrase
data/tnftp-20200705/libedit/el.c:534:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((fname = getenv("EDITRC")) == NULL) {
data/tnftp-20200705/libedit/el.c:538:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((ptr = getenv("HOME")) == NULL)
data/tnftp-20200705/libedit/terminal.c:861:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
term = getenv("TERM");
data/tnftp-20200705/libnetbsd/glob.c:440:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((h = getenv("HOME")) == NULL) {
data/tnftp-20200705/src/cmds.c:1450:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
shellp = getenv("SHELL");
data/tnftp-20200705/src/fetch.c:741:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((useragent = getenv("FTPUSERAGENT")) != NULL) {
data/tnftp-20200705/src/main.c:167:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cp = getenv("FTPSERVERPORT");
data/tnftp-20200705/src/main.c:215:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cp = getenv("NETRC");
data/tnftp-20200705/src/main.c:220:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((tmpdir = getenv("TMPDIR")) == NULL)
data/tnftp-20200705/src/main.c:224:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("FTPMODE")) != NULL) {
data/tnftp-20200705/src/main.c:246:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gateserver = getenv("FTPSERVER");
data/tnftp-20200705/src/main.c:257:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cp = getenv("TERM");
data/tnftp-20200705/src/main.c:278:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "46AadefginN:o:pP:q:r:Rs:tT:u:vVx:")) != -1) {
data/tnftp-20200705/src/main.c:463:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cp = getenv("HOME");
data/tnftp-20200705/src/main.c:504:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
setupoption("anonpass", getenv("FTPANONPASS"), anonpass);
data/tnftp-20200705/src/main.c:505:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
setupoption("ftp_proxy", getenv(FTP_PROXY), "");
data/tnftp-20200705/src/main.c:506:28: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
setupoption("http_proxy", getenv(HTTP_PROXY), "");
data/tnftp-20200705/src/main.c:507:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
setupoption("https_proxy", getenv(HTTPS_PROXY), "");
data/tnftp-20200705/src/main.c:508:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
setupoption("no_proxy", getenv(NO_PROXY), "");
data/tnftp-20200705/src/main.c:509:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
setupoption("pager", getenv("PAGER"), DEFAULTPAGER);
data/tnftp-20200705/src/main.c:510:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
setupoption("prompt", getenv("FTPPROMPT"), DEFAULTPROMPT);
data/tnftp-20200705/src/main.c:511:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
setupoption("rprompt", getenv("FTPRPROMPT"), DEFAULTRPROMPT);
data/tnftp-20200705/src/util.c:902:6: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(parentdir, realdir) == NULL) {
data/tnftp-20200705/libedit/TEST/test_filecompletion.c:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *expanded_text[2]; /* the value to which completion_function_input should be expanded */
data/tnftp-20200705/libedit/TEST/wtc1.c:66:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t dir[1024];
data/tnftp-20200705/libedit/chared.c:78:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(vu->buf, el->el_line.buffer, size * sizeof(*vu->buf));
data/tnftp-20200705/libedit/chared.c:96:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(k->buf, ptr, (size_t)size * sizeof(*k->buf));
data/tnftp-20200705/libedit/chared.c:663:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(cp, prompt, (size_t)len * sizeof(*cp));
data/tnftp-20200705/libedit/chartype.c:192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MB_LEN_MAX];
data/tnftp-20200705/libedit/common.c:829:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t tmpbuf[EL_BUFSIZ];
data/tnftp-20200705/libedit/el.c:247:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const wchar_t *argv[20];
data/tnftp-20200705/libedit/el.c:446:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3];
data/tnftp-20200705/libedit/el.c:560:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fname, "r");
data/tnftp-20200705/libedit/eln.c:170:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[20];
data/tnftp-20200705/libedit/eln.c:217:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *args[2];
data/tnftp-20200705/libedit/eln.c:328:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3];
data/tnftp-20200705/libedit/filecomplete.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwbuf[1024];
data/tnftp-20200705/libedit/filecomplete.c:529:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *s1 = ((const char * const *)i1)[0];
data/tnftp-20200705/libedit/filecomplete.c:530:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *s2 = ((const char * const *)i2)[0];
data/tnftp-20200705/libedit/hist.c:145:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(el->el_line.buffer, hp, hlen * sizeof(*hp));
data/tnftp-20200705/libedit/history.c:434:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, evp->str, elen * sizeof(*s));
data/tnftp-20200705/libedit/history.c:435:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + elen, str, slen * sizeof(*s));
data/tnftp-20200705/libedit/history.c:791:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fname, "r")) == NULL)
data/tnftp-20200705/libedit/history.c:900:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fname, "w")) == NULL)
data/tnftp-20200705/libedit/keymacro.c:593:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unparsbuf[EL_BUFSIZ];
data/tnftp-20200705/libedit/keymacro.c:656:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t dbuf[VISUAL_WIDTH_MAX];
data/tnftp-20200705/libedit/map.c:934:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(el->el_map.help, el_func_help,
data/tnftp-20200705/libedit/map.c:939:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(el->el_map.func, el_func, sizeof(*el->el_map.func)
data/tnftp-20200705/libedit/map.c:995:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buf[3];
data/tnftp-20200705/libedit/map.c:1067:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buf[3];
data/tnftp-20200705/libedit/map.c:1140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[EL_BUFSIZ];
data/tnftp-20200705/libedit/map.c:1164:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t firstbuf[2], lastbuf[2];
data/tnftp-20200705/libedit/map.c:1165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unparsbuf[EL_BUFSIZ], extrabuf[EL_BUFSIZ];
data/tnftp-20200705/libedit/map.c:1265:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t inbuf[EL_BUFSIZ];
data/tnftp-20200705/libedit/map.c:1266:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t outbuf[EL_BUFSIZ];
data/tnftp-20200705/libedit/prompt.c:67:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t a[3] = L"? ";
data/tnftp-20200705/libedit/prompt.c:80:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t a[1] = L"";
data/tnftp-20200705/libedit/read.c:287:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[MB_LEN_MAX];
data/tnftp-20200705/libedit/readline.c:528:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, with, with_len);
data/tnftp-20200705/libedit/readline.c:691:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[4];
data/tnftp-20200705/libedit/readline.c:1221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char template[sizeof(_history_tmp_template)];
data/tnftp-20200705/libedit/readline.c:1222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/tnftp-20200705/libedit/readline.c:1231:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "r+")) == NULL)
data/tnftp-20200705/libedit/readline.c:1234:12: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(template)) == -1) {
data/tnftp-20200705/libedit/readline.c:1402:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "a")) == NULL)
data/tnftp-20200705/libedit/readline.c:1821:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwbuf[1024];
data/tnftp-20200705/libedit/readline.c:1868:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[2];
data/tnftp-20200705/libedit/readline.c:1902:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arr[2];
data/tnftp-20200705/libedit/readline.c:1969:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fooarr[2 * sizeof(int)];
data/tnftp-20200705/libedit/readline.c:1999:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arr[2];
data/tnftp-20200705/libedit/readline.c:2060:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[8];
data/tnftp-20200705/libedit/readline.c:2118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[2];
data/tnftp-20200705/libedit/readline.c:2127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[2];
data/tnftp-20200705/libedit/readline.c:2181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/tnftp-20200705/libedit/readline.c:2257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/tnftp-20200705/libedit/readline.c:2309:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(list[0], list[1], min);
data/tnftp-20200705/libedit/refresh.c:155:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t visbuf[VISUAL_WIDTH_MAX];
data/tnftp-20200705/libedit/refresh.c:1181:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t visbuf[VISUAL_WIDTH_MAX];
data/tnftp-20200705/libedit/search.c:216:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t endcmd[2] = {'\0', '\0'};
data/tnftp-20200705/libedit/search.c:462:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t tmpbuf[EL_BUFSIZ];
data/tnftp-20200705/libedit/terminal.c:346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char termbuf[TC_BUFSIZE];
data/tnftp-20200705/libedit/terminal.c:391:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(el->el_terminal.t_buf, termbuf, TC_BUFSIZE);
data/tnftp-20200705/libedit/terminal.c:847:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TC_BUFSIZE];
data/tnftp-20200705/libedit/terminal.c:1159:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wt_str[VISUAL_WIDTH_MAX];
data/tnftp-20200705/libedit/terminal.c:1232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MB_LEN_MAX +1];
data/tnftp-20200705/libedit/terminal.c:1261:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t visbuf[VISUAL_WIDTH_MAX +1];
data/tnftp-20200705/libedit/terminal.c:1323:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char what[8], how[8];
data/tnftp-20200705/libedit/terminal.c:1459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TC_BUFSIZE];
data/tnftp-20200705/libedit/tty.c:584:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(el->el_tty.t_t, ttyperm, sizeof(ttyperm_t));
data/tnftp-20200705/libedit/tty.c:585:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(el->el_tty.t_c, ttychar, sizeof(ttychar_t));
data/tnftp-20200705/libedit/tty.c:907:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t new[2], old[2];
data/tnftp-20200705/libedit/tty.c:1166:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[EL_BUFSIZ];
data/tnftp-20200705/libedit/tty.h:460:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char ttychar_t[NN_IO][C_NCC];
data/tnftp-20200705/libedit/vi.c:125:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(el->el_line.cursor, k->buf, len *
data/tnftp-20200705/libedit/vi.c:938:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alias_name[3];
data/tnftp-20200705/libedit/vi.c:1023:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(tempfile);
data/tnftp-20200705/libnetbsd/dirname.c:40:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[PATH_MAX];
data/tnftp-20200705/libnetbsd/dirname.c:68:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, path, len);
data/tnftp-20200705/libnetbsd/getaddrinfo.c:311:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pai, hints, sizeof(*pai));
data/tnftp-20200705/libnetbsd/getaddrinfo.c:627:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
aplist = (char **)malloc(sizeof(aplist[0]) * naddrs);
data/tnftp-20200705/libnetbsd/getaddrinfo.c:639:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&apbuf[i * hp->h_length], hp->h_addr_list[i],
data/tnftp-20200705/libnetbsd/getaddrinfo.c:762:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pton[PTON_MAX];
data/tnftp-20200705/libnetbsd/getaddrinfo.c:919:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ai, pai, sizeof(struct addrinfo));
data/tnftp-20200705/libnetbsd/getaddrinfo.c:928:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + afd->a_off, addr, (size_t)afd->a_addrlen);
data/tnftp-20200705/libnetbsd/getaddrinfo.c:978:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = htons(atoi(servname));
data/tnftp-20200705/libnetbsd/getnameinfo.c:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numserv[512];
data/tnftp-20200705/libnetbsd/getnameinfo.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numaddr[512];
data/tnftp-20200705/libnetbsd/getnameinfo.c:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numaddr[512];
data/tnftp-20200705/libnetbsd/getnameinfo.c:293:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scopebuf[MAXHOSTNAMELEN];
data/tnftp-20200705/libnetbsd/getnameinfo.c:305:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(host + numaddrlen + 1, scopebuf,
data/tnftp-20200705/libnetbsd/glob.c:411:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwbuf[1024];
data/tnftp-20200705/libnetbsd/glob.c:709:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/tnftp-20200705/libnetbsd/glob.c:1083:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/tnftp-20200705/libnetbsd/glob.c:1104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/tnftp-20200705/libnetbsd/glob.c:1120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/tnftp-20200705/libnetbsd/inet_ntop.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[sizeof "255.255.255.255"];
data/tnftp-20200705/libnetbsd/inet_ntop.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"];
data/tnftp-20200705/libnetbsd/inet_pton.c:188:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &val, NS_INADDRSZ);
data/tnftp-20200705/libnetbsd/inet_pton.c:212:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
data/tnftp-20200705/libnetbsd/inet_pton.c:289:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tmp, NS_IN6ADDRSZ);
data/tnftp-20200705/libnetbsd/mkstemp.c:36:1: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
mkstemp(char *path)
data/tnftp-20200705/libnetbsd/mkstemp.c:46:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char xtra[2] = "aa";
data/tnftp-20200705/libnetbsd/mkstemp.c:102:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(path, O_CREAT | O_EXCL | O_RDWR, 0600)) >= 0)
data/tnftp-20200705/libnetbsd/snprintf.c:412:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char convert[20];
data/tnftp-20200705/libnetbsd/snprintf.c:534:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iconvert[20];
data/tnftp-20200705/libnetbsd/snprintf.c:535:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fconvert[20];
data/tnftp-20200705/libnetbsd/snprintf.c:701:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[LONG_STRING];
data/tnftp-20200705/libnetbsd/snprintf.c:702:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[LONG_STRING];
data/tnftp-20200705/libnetbsd/strdup.c:44:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, str, len);
data/tnftp-20200705/libnetbsd/strptime.c:45:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *day[7] = {
data/tnftp-20200705/libnetbsd/strptime.c:49:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *abday[7] = {
data/tnftp-20200705/libnetbsd/strptime.c:52:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *mon[12] = {
data/tnftp-20200705/libnetbsd/strptime.c:56:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *abmon[12] = {
data/tnftp-20200705/libnetbsd/strptime.c:60:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *am_pm[2] = {
data/tnftp-20200705/src/cmds.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[BUFSIZ];
data/tnftp-20200705/src/cmds.c:413:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/tnftp-20200705/src/cmds.c:489:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/tnftp-20200705/src/cmds.c:513:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/tnftp-20200705/src/cmds.c:540:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/tnftp-20200705/src/cmds.c:588:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/tnftp-20200705/src/cmds.c:719:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/tnftp-20200705/src/cmds.c:765:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN], cmdbuf[MAX_C_NAME];
data/tnftp-20200705/src/cmds.c:773:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(argv[1], "r");
data/tnftp-20200705/src/cmds.c:1051:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gsbuf[MAXHOSTNAMELEN];
data/tnftp-20200705/src/cmds.c:1436:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shellnam[MAXPATHLEN];
data/tnftp-20200705/src/cmds.c:1679:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ]; /* must be >= sizeof(line) */
data/tnftp-20200705/src/cmds.c:1867:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[MAX_C_NAME];
data/tnftp-20200705/src/cmds.c:2052:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *tp[9], *te[9];
data/tnftp-20200705/src/complete.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char insertstr[MAXPATHLEN];
data/tnftp-20200705/src/complete.c:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[MAXPATHLEN];
data/tnftp-20200705/src/complete.c:228:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/tnftp-20200705/src/complete.c:235:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[2] = " ";
data/tnftp-20200705/src/complete.c:283:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lastdir[MAXPATHLEN];
data/tnftp-20200705/src/complete.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[MAXPATHLEN];
data/tnftp-20200705/src/complete.c:289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[MAX_C_NAME];
data/tnftp-20200705/src/complete.c:290:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dummyargv[3] = { NULL, NULL, NULL };
data/tnftp-20200705/src/complete.c:361:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char word[FTPBUFLEN];
data/tnftp-20200705/src/domacro.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp1, *cp2, line2[FTPBUFLEN];
data/tnftp-20200705/src/domacro.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[MAX_C_NAME];
data/tnftp-20200705/src/fetch.c:235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuser[BUFSIZ], *gotpass;
data/tnftp-20200705/src/fetch.c:584:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hname[NI_MAXHOST], sname[NI_MAXSERV];
data/tnftp-20200705/src/fetch.c:840:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hname[NI_MAXHOST], *p;
data/tnftp-20200705/src/fetch.c:982:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reply[10];
data/tnftp-20200705/src/fetch.c:1012:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FTPBUFLEN], *ep;
data/tnftp-20200705/src/fetch.c:1174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FTPBUFLEN], *ep;
data/tnftp-20200705/src/fetch.c:1558:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(savefile, "a");
data/tnftp-20200705/src/fetch.c:1560:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(savefile, "w");
data/tnftp-20200705/src/fetch.c:1779:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[100];
data/tnftp-20200705/src/fetch.c:1796:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[100];
data/tnftp-20200705/src/fetch.c:1817:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, *xargv[5], rempath[MAXPATHLEN];
data/tnftp-20200705/src/fetch.c:1819:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[MAXPATHLEN];
data/tnftp-20200705/src/fetch.c:1820:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirbuf[4];
data/tnftp-20200705/src/fetch.c:2291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *uargv[4], *path, *pathsep;
data/tnftp-20200705/src/fetch.c:2294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[MAX_C_NAME];
data/tnftp-20200705/src/ftp.c:140:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pasv[BUFSIZ]; /* passive port for proxy data connection */
data/tnftp-20200705/src/ftp.c:172:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hostnamebuf[MAXHOSTNAMELEN];
data/tnftp-20200705/src/ftp.c:200:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hname[NI_MAXHOST], sname[NI_MAXSERV];
data/tnftp-20200705/src/ftp.c:245:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hisctladdr.si_su, res->ai_addr, res->ai_addrlen);
data/tnftp-20200705/src/ftp.c:385:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_line[BUFSIZ]; /* last line of previous reply */
data/tnftp-20200705/src/ftp.c:564:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[100];
data/tnftp-20200705/src/ftp.c:733:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(local, "r");
data/tnftp-20200705/src/ftp.c:1038:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(local, lmode);
data/tnftp-20200705/src/ftp.c:1462:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delim[4];
data/tnftp-20200705/src/ftp.c:1555:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hname[NI_MAXHOST], sname[NI_MAXSERV];
data/tnftp-20200705/src/ftp.c:1764:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXHOSTNAMELEN];
data/tnftp-20200705/src/ftp.c:1776:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nti[17];
data/tnftp-20200705/src/ftp.c:1777:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nto[17];
data/tnftp-20200705/src/ftp.c:1779:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi[MAXPATHLEN];
data/tnftp-20200705/src/ftp.c:1780:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mo[MAXPATHLEN];
data/tnftp-20200705/src/ftp.c:2008:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char new[MAXPATHLEN];
data/tnftp-20200705/src/ftp.c:2060:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[100];
data/tnftp-20200705/src/ftp.c:2075:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUFSIZ];
data/tnftp-20200705/src/ftp.c:2160:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ai->ai_addr, &sin, len);
data/tnftp-20200705/src/ftp_var.h:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mac_name[9]; /* macro name */
data/tnftp-20200705/src/ftp_var.h:233:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char ntin[17]; /* input translation table */
data/tnftp-20200705/src/ftp_var.h:234:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char ntout[17]; /* output translation table */
data/tnftp-20200705/src/ftp_var.h:235:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char mapin[MAXPATHLEN]; /* input map template */
data/tnftp-20200705/src/ftp_var.h:236:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char mapout[MAXPATHLEN]; /* output map template */
data/tnftp-20200705/src/ftp_var.h:237:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char typename[32]; /* name of file transfer type */
data/tnftp-20200705/src/ftp_var.h:240:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char structname[32]; /* name of file transfer structure */
data/tnftp-20200705/src/ftp_var.h:242:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char formname[32]; /* name of file transfer format */
data/tnftp-20200705/src/ftp_var.h:244:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char modename[32]; /* name of file transfer mode */
data/tnftp-20200705/src/ftp_var.h:246:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char bytename[32]; /* local byte size in ascii */
data/tnftp-20200705/src/ftp_var.h:275:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char localcwd[MAXPATHLEN]; /* local dir */
data/tnftp-20200705/src/ftp_var.h:276:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char remotecwd[MAXPATHLEN]; /* remote dir */
data/tnftp-20200705/src/ftp_var.h:292:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char line[FTPBUFLEN]; /* input line buffer */
data/tnftp-20200705/src/ftp_var.h:294:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char argbuf[FTPBUFLEN]; /* argument storage buffer */
data/tnftp-20200705/src/ftp_var.h:309:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char macbuf[4096];
data/tnftp-20200705/src/ftp_var.h:313:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char netrc[MAXPATHLEN]; /* path to .netrc file */
data/tnftp-20200705/src/ftp_var.h:314:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GLOBAL char reply_string[BUFSIZ]; /* first line of previous reply */
data/tnftp-20200705/src/main.c:377:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *targv[6], *oac;
data/tnftp-20200705/src/main.c:378:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[MAX_C_NAME];
data/tnftp-20200705/src/main.c:539:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xargv[4], *uuser, *host;
data/tnftp-20200705/src/main.c:540:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[MAXPATHLEN];
data/tnftp-20200705/src/main.c:605:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAXPATHLEN];
data/tnftp-20200705/src/main.c:626:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAXPATHLEN];
data/tnftp-20200705/src/main.c:653:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[MAX_C_NAME];
data/tnftp-20200705/src/main.c:701:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line, buf, num);
data/tnftp-20200705/src/main.c:835:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bangstr[2] = { '!', '\0' };
data/tnftp-20200705/src/main.c:836:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dollarstr[2] = { '$', '\0' };
data/tnftp-20200705/src/main.c:970:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *nargv[1], *cmd;
data/tnftp-20200705/src/main.c:999:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[MAX_C_NAME];
data/tnftp-20200705/src/progressbar.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256]; /* workspace for progress bar */
data/tnftp-20200705/src/progressbar.c:325:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256]; /* Work variable for transfer status. */
data/tnftp-20200705/src/ruserpass.c:73:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tokval[100];
data/tnftp-20200705/src/ruserpass.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char myname[MAXHOSTNAMELEN + 1];
data/tnftp-20200705/src/ruserpass.c:100:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cfile = fopen(netrc, "r");
data/tnftp-20200705/src/ssl.c:240:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(fname, O_RDONLY); /* XXX: fmode */
data/tnftp-20200705/src/ssl.c:347:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->cache.buf, src, nbytes);
data/tnftp-20200705/src/ssl.c:410:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, conn->cache.buf, total);
data/tnftp-20200705/src/ssl.c:524:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, conn->buf + conn->bufpos, tmpsize);
data/tnftp-20200705/src/ssl.h:56:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fetch_open fopen
data/tnftp-20200705/src/util.c:381:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[80];
data/tnftp-20200705/src/util.c:548:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAXPATHLEN];
data/tnftp-20200705/src/util.c:551:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[MAXPATHLEN];
data/tnftp-20200705/src/util.c:580:13: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(temp)) < 0) {
data/tnftp-20200705/src/util.c:604:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ftemp = fopen(temp, "r");
data/tnftp-20200705/src/util.c:794:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[50];
data/tnftp-20200705/src/util.c:891:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parentdirbuf[PATH_MAX+1], *parentdir;
data/tnftp-20200705/src/util.c:892:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realdir[PATH_MAX+1];
data/tnftp-20200705/src/util.c:1374:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hname[NI_MAXHOST];
data/tnftp-20200705/src/util.c:1375:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sname[NI_MAXSERV];
data/tnftp-20200705/src/util.c:1395:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bname[NI_MAXHOST];
data/tnftp-20200705/tnftp.h:390:5: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int mkstemp(char *);
data/tnftp-20200705/tnftp.h:453:25: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memmove(a,b,c) bcopy((b),(a),(c))
data/tnftp-20200705/libedit/TEST/tc1.c:107:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len > strlen(dp->d_name))
data/tnftp-20200705/libedit/TEST/test_filecompletion.c:533:15: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input_len = wcslen(inputs[i].user_typed_text);
data/tnftp-20200705/libedit/TEST/wtc1.c:88:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mblen > strlen(dp->d_name))
data/tnftp-20200705/libedit/chared.c:601:26: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s == NULL || (len = wcslen(s)) == 0)
data/tnftp-20200705/libedit/chared.c:662:18: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (ssize_t)wcslen(prompt);
data/tnftp-20200705/libedit/chartype.c:159:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufspace += argv[i] ? strlen(argv[i]) + 1 : 0;
data/tnftp-20200705/libedit/common.c:574:10: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) wcsncpy(el->el_history.buf, el->el_line.buffer,
data/tnftp-20200705/libedit/common.c:646:10: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) wcsncpy(el->el_history.buf, el->el_line.buffer,
data/tnftp-20200705/libedit/el.c:540:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen += strlen(ptr);
data/tnftp-20200705/libedit/filecomplete.c:123:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pass->pw_dir) + 1 + strlen(txt) + 1;
data/tnftp-20200705/libedit/filecomplete.c:123:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pass->pw_dir) + 1 + strlen(txt) + 1;
data/tnftp-20200705/libedit/filecomplete.c:341:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nptr = el_realloc(filename, (strlen(temp) + 1) *
data/tnftp-20200705/libedit/filecomplete.c:400:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename_len = filename ? strlen(filename) : 0;
data/tnftp-20200705/libedit/filecomplete.c:417:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(entry->d_name) >= filename_len
data/tnftp-20200705/libedit/filecomplete.c:429:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(entry->d_name);
data/tnftp-20200705/libedit/filecomplete.c:432:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dirname) + len + 1;
data/tnftp-20200705/libedit/filecomplete.c:501:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_equal = strlen(prevstr);
data/tnftp-20200705/libedit/filecomplete.c:582:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) (width - strlen(matches[thisguy])), "");
data/tnftp-20200705/libedit/filecomplete.c:641:9: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) wcsncpy(temp, ctemp, len);
data/tnftp-20200705/libedit/filecomplete.c:763:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match_len = strlen(matches[i]);
data/tnftp-20200705/libedit/filecomplete.c:782:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (getc(stdin) != 'y')
data/tnftp-20200705/libedit/hist.c:114:10: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) wcsncpy(el->el_line.buffer, el->el_history.buf,
data/tnftp-20200705/libedit/hist.c:140:9: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hlen = wcslen(hp) + 1;
data/tnftp-20200705/libedit/hist.c:191:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(ptr);
data/tnftp-20200705/libedit/history.c:72:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define Strlen(s) strlen(s)
data/tnftp-20200705/libedit/history.c:76:26: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define Strncpy(d, s, n) strncpy(d, s, n)
data/tnftp-20200705/libedit/history.c:77:26: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
#define Strncat(d, s, n) strncat(d, s, n)
data/tnftp-20200705/libedit/history.c:90:20: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define Strlen(s) wcslen(s)
data/tnftp-20200705/libedit/history.c:94:26: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define Strncpy(d, s, n) wcsncpy(d, s, n)
data/tnftp-20200705/libedit/history.c:95:26: [1] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
#define Strncat(d, s, n) wcsncat(d, s, n)
data/tnftp-20200705/libedit/history.c:870:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) * 4 + 1;
data/tnftp-20200705/libedit/parse.c:124:10: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) wcsncpy(tprog, argv[0], l);
data/tnftp-20200705/libedit/read.c:293:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((num_read = read(el->el_infd, cbuf + cbp, (size_t)1)) == -1) {
data/tnftp-20200705/libedit/readline.c:235:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p->pw_dir) + sizeof("/.history");
data/tnftp-20200705/libedit/readline.c:268:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p + 2, 1 + strlen(p + 2));
data/tnftp-20200705/libedit/readline.c:507:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tnftp-20200705/libedit/readline.c:508:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
with_len = strlen(with);
data/tnftp-20200705/libedit/readline.c:509:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
what_len = strlen(what);
data/tnftp-20200705/libedit/readline.c:874:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
from_len = strlen(from);
data/tnftp-20200705/libedit/readline.c:938:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*output = el_calloc(strlen(str) + 4 + 1, sizeof(**output));
data/tnftp-20200705/libedit/readline.c:983:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(&str[j + 1]) + 1;
data/tnftp-20200705/libedit/readline.c:1023:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(tmp);
data/tnftp-20200705/libedit/readline.c:1083:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(arr[i]) + 1;
data/tnftp-20200705/libedit/readline.c:1091:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(arr[i]);
data/tnftp-20200705/libedit/readline.c:1656:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(ev.str) * sizeof(*ev.str);
data/tnftp-20200705/libedit/readline.c:2025:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (int)strlen(text);
data/tnftp-20200705/libedit/readline.c:2206:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
num_read = read(el->el_infd, &ch, (size_t)1);
data/tnftp-20200705/libedit/readline.c:2214:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
num_read = read(el->el_infd, &ch, 1);
data/tnftp-20200705/libedit/readline.c:2219:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
num_read = read(el->el_infd, &ch, 1);
data/tnftp-20200705/libedit/refresh.c:364:33: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
terminal_clear_EOL(el, (int) wcslen(el->el_display[i]));
data/tnftp-20200705/libedit/search.c:191:10: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) wcsncpy(el->el_search.patbuf, el->el_line.buffer,
data/tnftp-20200705/libedit/search.c:493:11: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) wcsncpy(tmpbuf, el->el_search.patbuf,
data/tnftp-20200705/libedit/search.c:497:11: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) wcsncpy(&el->el_search.patbuf[2], tmpbuf,
data/tnftp-20200705/libedit/search.c:511:10: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) wcsncpy(el->el_search.patbuf, tmpbuf, EL_BUFSIZ - 1);
data/tnftp-20200705/libedit/terminal.c:356:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = strlen(cap);
data/tnftp-20200705/libedit/terminal.c:358:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = *str == NULL ? 0 : strlen(*str);
data/tnftp-20200705/libedit/tty.c:1212:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(el->el_tty.t_t[z][m->m_type].t_name);
data/tnftp-20200705/libedit/tty.c:1226:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cu = strlen(m->m_name) + (x != '\0') + 1;
data/tnftp-20200705/libedit/vi.c:969:11: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) wcsncpy(el->el_history.buf, el->el_line.buffer,
data/tnftp-20200705/libedit/vi.c:1034:2: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(line, el->el_line.buffer, len);
data/tnftp-20200705/libedit/vi.c:1038:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cp);
data/tnftp-20200705/libedit/vi.c:1054:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
st = read(fd, cp, TMP_BUFSIZ - 1);
data/tnftp-20200705/libnetbsd/dirname.c:52:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lastp = path + strlen(path) - 1;
data/tnftp-20200705/libnetbsd/getaddrinfo.c:900:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ai->ai_canonname = (char *)malloc(strlen(str) + 1);
data/tnftp-20200705/libnetbsd/getnameinfo.c:142:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sp->s_name) > servlen)
data/tnftp-20200705/libnetbsd/getnameinfo.c:147:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(numserv) > servlen)
data/tnftp-20200705/libnetbsd/getnameinfo.c:219:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
numaddrlen = strlen(numaddr);
data/tnftp-20200705/libnetbsd/getnameinfo.c:241:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hp->h_name) > hostlen) {
data/tnftp-20200705/libnetbsd/getnameinfo.c:284:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
numaddrlen = strlen(numaddr);
data/tnftp-20200705/libnetbsd/getnameinfo.c:339:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return(strlen(p));
data/tnftp-20200705/libnetbsd/inet_ntop.c:182:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp += strlen(tp);
data/tnftp-20200705/libnetbsd/snprintf.c:772:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("got %d >%s< (%d)\n", len, buf1, (int)strlen(buf1));
data/tnftp-20200705/libnetbsd/strdup.c:41:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/tnftp-20200705/libnetbsd/strlcat.c:45:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return(dlen + strlen(s));
data/tnftp-20200705/libnetbsd/strptime.c:166:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(day[i]);
data/tnftp-20200705/libnetbsd/strptime.c:171:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(abday[i]);
data/tnftp-20200705/libnetbsd/strptime.c:190:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(mon[i]);
data/tnftp-20200705/libnetbsd/strptime.c:195:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(abmon[i]);
data/tnftp-20200705/libnetbsd/strptime.c:271:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(am_pm[0]);
data/tnftp-20200705/libnetbsd/strptime.c:281:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(am_pm[1]);
data/tnftp-20200705/libnetbsd/usleep.c:35:1: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(unsigned int usec)
data/tnftp-20200705/libnetbsd/usleep.c:46:29: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
# error no way to implement usleep
data/tnftp-20200705/src/cmds.c:1354:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p) + 2;
data/tnftp-20200705/src/cmds.c:1515:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(password, 0, strlen(password));
data/tnftp-20200705/src/cmds.c:1527:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(password, 0, strlen(password));
data/tnftp-20200705/src/cmds.c:1536:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(password, 0, strlen(password));
data/tnftp-20200705/src/cmds.c:1837:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(ap, 0, strlen(ap));
data/tnftp-20200705/src/cmds.c:1905:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(line, line + cmdpos + 1, strlen(line) - cmdpos + 1);
data/tnftp-20200705/src/cmds.c:2473:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getchar()) == EOF) {
data/tnftp-20200705/src/cmds.c:2494:15: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getchar()) != '\n' && c != EOF)
data/tnftp-20200705/src/cmds.c:2496:19: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (c == EOF || getchar() == '\n') {
data/tnftp-20200705/src/cmds.c:2598:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p) + strlen(locfile) + 2;
data/tnftp-20200705/src/cmds.c:2598:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p) + strlen(locfile) + 2;
data/tnftp-20200705/src/cmds.c:2629:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p) + 2;
data/tnftp-20200705/src/complete.c:93:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wordlen = strlen(word);
data/tnftp-20200705/src/complete.c:101:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ftpvis(insertstr, sizeof(insertstr), p, strlen(p));
data/tnftp-20200705/src/complete.c:110:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
matchlen = strlen(lastmatch);
data/tnftp-20200705/src/complete.c:112:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = wordlen; j < strlen(words->sl_str[i]); j++)
data/tnftp-20200705/src/complete.c:146:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wordlen = strlen(word);
data/tnftp-20200705/src/complete.c:149:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wordlen > strlen(c->c_name))
data/tnftp-20200705/src/complete.c:203:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(file);
data/tnftp-20200705/src/complete.c:210:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len > strlen(dp->d_name))
data/tnftp-20200705/src/complete.c:258:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wordlen = strlen(word);
data/tnftp-20200705/src/complete.c:261:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wordlen > strlen(o->name))
data/tnftp-20200705/src/complete.c:345:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(file) > strlen(cp))
data/tnftp-20200705/src/complete.c:345:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(file) > strlen(cp))
data/tnftp-20200705/src/complete.c:347:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(file, cp, strlen(file)) == 0)
data/tnftp-20200705/src/complete.c:398:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
celems = strlen(c->c_complete);
data/tnftp-20200705/src/domacro.c:98:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp2 += strlen(argv[j+1]);
data/tnftp-20200705/src/domacro.c:108:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp2 += strlen(argv[count]);
data/tnftp-20200705/src/fetch.c:161:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(token);
data/tnftp-20200705/src/fetch.c:194:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(a->pass, 0, strlen(a->pass));
data/tnftp-20200705/src/fetch.c:296:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = strlen(uuser) + strlen(upass) + 2; /* user + ":" + pass + "\0" */
data/tnftp-20200705/src/fetch.c:296:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = strlen(uuser) + strlen(upass) + 2; /* user + ":" + pass + "\0" */
data/tnftp-20200705/src/fetch.c:302:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(gotpass, 0, strlen(gotpass));
data/tnftp-20200705/src/fetch.c:305:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = strlen(scheme) + 1 + (clen + 2) * 4 / 3 + 1;
data/tnftp-20200705/src/fetch.c:654:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hlen = strlen(host);
data/tnftp-20200705/src/fetch.c:666:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(cp);
data/tnftp-20200705/src/fetch.c:999:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(response, 0, strlen(response));
data/tnftp-20200705/src/fetch.c:1684:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000000 - td.tv_usec);
data/tnftp-20200705/src/fetch.c:2307:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/tnftp-20200705/src/fetch.c:2313:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(uploadserver) + 2; /* path + "/" + "\0" */
data/tnftp-20200705/src/ftp.c:403:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
((c = getc(cin)) != '\n')) {
data/tnftp-20200705/src/ftp.c:405:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
switch (c = getc(cin)) {
data/tnftp-20200705/src/ftp.c:408:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(cin);
data/tnftp-20200705/src/ftp.c:414:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(cin);
data/tnftp-20200705/src/ftp.c:622:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inc = read(infd, buf, MIN((off_t)bufsize, bufrem));
data/tnftp-20200705/src/ftp.c:649:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000000 - tvdiff.tv_usec);
data/tnftp-20200705/src/ftp.c:816:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fin)) != EOF) {
data/tnftp-20200705/src/ftp.c:1089:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ch = getc(fout)) == EOF)
data/tnftp-20200705/src/ftp.c:1100:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(din)) != EOF) {
data/tnftp-20200705/src/ftp.c:1110:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(din)) != '\n' || tcrflag) {
data/tnftp-20200705/src/ftp.c:2104:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(fileno(din), buf, BUFSIZ) > 0)
data/tnftp-20200705/src/main.c:495:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(anonuser) + 2;
data/tnftp-20200705/src/main.c:810:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cursor_argo = strlen(margv[margc-1]);
data/tnftp-20200705/src/progressbar.c:240:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
barlength -= (int)strlen(prefix);
data/tnftp-20200705/src/ruserpass.c:191:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(cfile)) != EOF)
data/tnftp-20200705/src/ruserpass.c:207:30: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (i = 0; i < 8 && (c = getc(cfile)) != EOF &&
data/tnftp-20200705/src/ruserpass.c:219:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(cfile)) != EOF && c != '\n');
data/tnftp-20200705/src/ruserpass.c:236:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(cfile)) == EOF) {
data/tnftp-20200705/src/ruserpass.c:287:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(cfile)) != EOF &&
data/tnftp-20200705/src/ruserpass.c:294:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(cfile)) != EOF && c != '"') {
data/tnftp-20200705/src/ruserpass.c:296:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(cfile)) == EOF)
data/tnftp-20200705/src/ruserpass.c:306:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(cfile)) != EOF
data/tnftp-20200705/src/ruserpass.c:309:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(cfile)) == EOF)
data/tnftp-20200705/src/ssl.c:321:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(sd, buf, len);
data/tnftp-20200705/src/ssl.c:550:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/tnftp-20200705/src/util.c:434:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fuser) + 1 + strlen(host) + 1;
data/tnftp-20200705/src/util.c:434:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fuser) + 1 + strlen(host) + 1;
data/tnftp-20200705/src/util.c:450:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(p, 0, strlen(p));
data/tnftp-20200705/src/util.c:453:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(pass, 0, strlen(pass));
data/tnftp-20200705/src/util.c:462:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(p, 0, strlen(p));
data/tnftp-20200705/src/util.c:469:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(facct, 0, strlen(facct));
data/tnftp-20200705/src/util.c:498:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(pass, 0, strlen(pass));
data/tnftp-20200705/src/util.c:501:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(facct, 0, strlen(facct));
data/tnftp-20200705/src/util.c:519:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/tnftp-20200705/src/util.c:739:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(timestr) == 15 && strncmp(timestr, "191", 3) == 0) {
data/tnftp-20200705/src/util.c:753:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(timestr) != 14 ||
data/tnftp-20200705/src/util.c:908:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirlen = strlen(dir);
data/tnftp-20200705/src/util.c:929:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = strlen(sl->sl_str[i]);
data/tnftp-20200705/src/util.c:949:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = strlen(p);
data/tnftp-20200705/src/util.c:1341:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/tnftp-20200705/src/util.c:1345:16: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getchar()) != '\n' && ch != EOF)
data/tnftp-20200705/tnftp.h:506:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read Rread
ANALYSIS SUMMARY:
Hits = 481
Lines analyzed = 42419 in approximately 1.10 seconds (38529 lines/second)
Physical Source Lines of Code (SLOC) = 30080
Hits@level = [0] 358 [1] 164 [2] 222 [3] 23 [4] 71 [5] 1
Hits@level+ = [0+] 839 [1+] 481 [2+] 317 [3+] 95 [4+] 72 [5+] 1
Hits/KSLOC@level+ = [0+] 27.8923 [1+] 15.9907 [2+] 10.5386 [3+] 3.15824 [4+] 2.39362 [5+] 0.0332447
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.