Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/trn4-4.0-test77/EXTERN.h
Examining data/trn4-4.0-test77/INTERN.h
Examining data/trn4-4.0-test77/addng.c
Examining data/trn4-4.0-test77/addng.h
Examining data/trn4-4.0-test77/art.h
Examining data/trn4-4.0-test77/artio.c
Examining data/trn4-4.0-test77/artio.h
Examining data/trn4-4.0-test77/artsrch.c
Examining data/trn4-4.0-test77/artsrch.h
Examining data/trn4-4.0-test77/artstate.h
Examining data/trn4-4.0-test77/autosub.c
Examining data/trn4-4.0-test77/autosub.h
Examining data/trn4-4.0-test77/backpage.c
Examining data/trn4-4.0-test77/backpage.h
Examining data/trn4-4.0-test77/bits.c
Examining data/trn4-4.0-test77/bits.h
Examining data/trn4-4.0-test77/cache.h
Examining data/trn4-4.0-test77/charsubst.c
Examining data/trn4-4.0-test77/charsubst.h
Examining data/trn4-4.0-test77/color.c
Examining data/trn4-4.0-test77/color.h
Examining data/trn4-4.0-test77/config2.h
Examining data/trn4-4.0-test77/datasrc.c
Examining data/trn4-4.0-test77/datasrc.h
Examining data/trn4-4.0-test77/decode.c
Examining data/trn4-4.0-test77/decode.h
Examining data/trn4-4.0-test77/edit_dist.c
Examining data/trn4-4.0-test77/edit_dist.h
Examining data/trn4-4.0-test77/env.c
Examining data/trn4-4.0-test77/env.h
Examining data/trn4-4.0-test77/filter.c
Examining data/trn4-4.0-test77/filter.h
Examining data/trn4-4.0-test77/final.c
Examining data/trn4-4.0-test77/final.h
Examining data/trn4-4.0-test77/hash.c
Examining data/trn4-4.0-test77/hash.h
Examining data/trn4-4.0-test77/head.c
Examining data/trn4-4.0-test77/head.h
Examining data/trn4-4.0-test77/help.c
Examining data/trn4-4.0-test77/help.h
Examining data/trn4-4.0-test77/inews.c
Examining data/trn4-4.0-test77/init.h
Examining data/trn4-4.0-test77/intrp.c
Examining data/trn4-4.0-test77/intrp.h
Examining data/trn4-4.0-test77/kfile.c
Examining data/trn4-4.0-test77/kfile.h
Examining data/trn4-4.0-test77/last.c
Examining data/trn4-4.0-test77/last.h
Examining data/trn4-4.0-test77/list.c
Examining data/trn4-4.0-test77/list.h
Examining data/trn4-4.0-test77/mempool.c
Examining data/trn4-4.0-test77/mempool.h
Examining data/trn4-4.0-test77/mime.c
Examining data/trn4-4.0-test77/mime.h
Examining data/trn4-4.0-test77/msdos.h
Examining data/trn4-4.0-test77/ndir.c
Examining data/trn4-4.0-test77/ndir.h
Examining data/trn4-4.0-test77/ng.c
Examining data/trn4-4.0-test77/ng.h
Examining data/trn4-4.0-test77/ngdata.c
Examining data/trn4-4.0-test77/ngdata.h
Examining data/trn4-4.0-test77/ngsrch.c
Examining data/trn4-4.0-test77/ngsrch.h
Examining data/trn4-4.0-test77/ngstuff.c
Examining data/trn4-4.0-test77/ngstuff.h
Examining data/trn4-4.0-test77/nntp.c
Examining data/trn4-4.0-test77/nntp.h
Examining data/trn4-4.0-test77/nntpauth.c
Examining data/trn4-4.0-test77/nntpauth.h
Examining data/trn4-4.0-test77/nntpclient.c
Examining data/trn4-4.0-test77/nntpclient.h
Examining data/trn4-4.0-test77/nntpinit.c
Examining data/trn4-4.0-test77/nntpinit.h
Examining data/trn4-4.0-test77/nntplist.c
Examining data/trn4-4.0-test77/only.c
Examining data/trn4-4.0-test77/only.h
Examining data/trn4-4.0-test77/opt.c
Examining data/trn4-4.0-test77/opt.h
Examining data/trn4-4.0-test77/os2.h
Examining data/trn4-4.0-test77/parsedate.h
Examining data/trn4-4.0-test77/patchlevel.h
Examining data/trn4-4.0-test77/popen.c
Examining data/trn4-4.0-test77/rcln.c
Examining data/trn4-4.0-test77/rcln.h
Examining data/trn4-4.0-test77/rcstuff.h
Examining data/trn4-4.0-test77/respond.c
Examining data/trn4-4.0-test77/respond.h
Examining data/trn4-4.0-test77/rt-mt.c
Examining data/trn4-4.0-test77/rt-mt.h
Examining data/trn4-4.0-test77/rt-ov.c
Examining data/trn4-4.0-test77/rt-ov.h
Examining data/trn4-4.0-test77/rt-page.c
Examining data/trn4-4.0-test77/rt-page.h
Examining data/trn4-4.0-test77/rt-process.h
Examining data/trn4-4.0-test77/rt-select.c
Examining data/trn4-4.0-test77/rt-select.h
Examining data/trn4-4.0-test77/rt-util.c
Examining data/trn4-4.0-test77/rt-util.h
Examining data/trn4-4.0-test77/rt-wumpus.c
Examining data/trn4-4.0-test77/rt-wumpus.h
Examining data/trn4-4.0-test77/rthread.c
Examining data/trn4-4.0-test77/rthread.h
Examining data/trn4-4.0-test77/sacmd.c
Examining data/trn4-4.0-test77/sacmd.h
Examining data/trn4-4.0-test77/sadesc.c
Examining data/trn4-4.0-test77/sadesc.h
Examining data/trn4-4.0-test77/sadisp.c
Examining data/trn4-4.0-test77/sadisp.h
Examining data/trn4-4.0-test77/samain.c
Examining data/trn4-4.0-test77/samain.h
Examining data/trn4-4.0-test77/samisc.c
Examining data/trn4-4.0-test77/samisc.h
Examining data/trn4-4.0-test77/sathread.c
Examining data/trn4-4.0-test77/sathread.h
Examining data/trn4-4.0-test77/scan.c
Examining data/trn4-4.0-test77/scanart.c
Examining data/trn4-4.0-test77/scanart.h
Examining data/trn4-4.0-test77/scmd.c
Examining data/trn4-4.0-test77/scmd.h
Examining data/trn4-4.0-test77/score-easy.c
Examining data/trn4-4.0-test77/score-easy.h
Examining data/trn4-4.0-test77/score.c
Examining data/trn4-4.0-test77/score.h
Examining data/trn4-4.0-test77/scorefile.c
Examining data/trn4-4.0-test77/scorefile.h
Examining data/trn4-4.0-test77/scoresave.c
Examining data/trn4-4.0-test77/scoresave.h
Examining data/trn4-4.0-test77/sdisp.c
Examining data/trn4-4.0-test77/sdisp.h
Examining data/trn4-4.0-test77/search.c
Examining data/trn4-4.0-test77/search.h
Examining data/trn4-4.0-test77/smisc.c
Examining data/trn4-4.0-test77/smisc.h
Examining data/trn4-4.0-test77/sorder.c
Examining data/trn4-4.0-test77/sorder.h
Examining data/trn4-4.0-test77/spage.c
Examining data/trn4-4.0-test77/spage.h
Examining data/trn4-4.0-test77/strftime.c
Examining data/trn4-4.0-test77/sw.c
Examining data/trn4-4.0-test77/sw.h
Examining data/trn4-4.0-test77/term.c
Examining data/trn4-4.0-test77/term.h
Examining data/trn4-4.0-test77/tkstuff.c
Examining data/trn4-4.0-test77/tkstuff.h
Examining data/trn4-4.0-test77/tktree.c
Examining data/trn4-4.0-test77/tktree.h
Examining data/trn4-4.0-test77/trn-artchk.c
Examining data/trn4-4.0-test77/trn.c
Examining data/trn4-4.0-test77/trn.h
Examining data/trn4-4.0-test77/typedef.h
Examining data/trn4-4.0-test77/univ.c
Examining data/trn4-4.0-test77/univ.h
Examining data/trn4-4.0-test77/url.c
Examining data/trn4-4.0-test77/url.h
Examining data/trn4-4.0-test77/util.c
Examining data/trn4-4.0-test77/util.h
Examining data/trn4-4.0-test77/util2.c
Examining data/trn4-4.0-test77/util2.h
Examining data/trn4-4.0-test77/util3.c
Examining data/trn4-4.0-test77/util3.h
Examining data/trn4-4.0-test77/uudecode.c
Examining data/trn4-4.0-test77/uudecode.h
Examining data/trn4-4.0-test77/wildmat.c
Examining data/trn4-4.0-test77/wildmat.h
Examining data/trn4-4.0-test77/support/unipatch.c
Examining data/trn4-4.0-test77/art.c
Examining data/trn4-4.0-test77/cache.c
Examining data/trn4-4.0-test77/rcstuff.c
Examining data/trn4-4.0-test77/init.c
Examining data/trn4-4.0-test77/rt-process.c
Examining data/trn4-4.0-test77/common.h
Examining data/trn4-4.0-test77/scan.h
FINAL RESULTS:
data/trn4-4.0-test77/nntp.c:204:5: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(artname, 0600);
data/trn4-4.0-test77/rcstuff.c:1463:6: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(rp->newname,filestat.st_mode&0666);
data/trn4-4.0-test77/rcstuff.c:1464:6: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(rp->newname,filestat.st_uid,filestat.st_gid);
data/trn4-4.0-test77/wildmat.c:141:18: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
extern char* gets();
data/trn4-4.0-test77/wildmat.c:152:6: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
if (gets(p) == NULL || p[0] == '\0')
data/trn4-4.0-test77/wildmat.c:157:10: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
if (gets(text) == NULL)
data/trn4-4.0-test77/addng.c:98:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_buf,"\nUnsubscribed but mentioned in your current newsrc%s:\n",
data/trn4-4.0-test77/addng.c:106:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_buf, "%s\n", node->name);
data/trn4-4.0-test77/addng.c:215:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantopen,dp->extra_name) FLUSH;
data/trn4-4.0-test77/addng.c:271:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(node->name, name);
data/trn4-4.0-test77/addng.c:305:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(node->name, name);
data/trn4-4.0-test77/addng.c:338:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"%s*", &ngtodo[0][1]);
data/trn4-4.0-test77/addng.c:340:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"*%s*", ngtodo[0]);
data/trn4-4.0-test77/art.c:125:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(prompt_buf, mousebar_cnt>3? "%%sEnd of art %ld (of %ld) %%s[%%s]"
data/trn4-4.0-test77/art.c:182:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(art_line,"%s%s #%ld",ngname,moderated,(long)art);
data/trn4-4.0-test77/art.c:290:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(art_line+6,s);
data/trn4-4.0-test77/art.c:599:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"%s--MORE--(%s%%)",current_charsubst(),cmd_buf);
data/trn4-4.0-test77/art.c:601:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"--MORE--(%s%%)",cmd_buf);
data/trn4-4.0-test77/art.c:1030:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(prompt,cmd_buf,
data/trn4-4.0-test77/artio.c:326:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bp = artbuf + artbuf_pos, art_line);
data/trn4-4.0-test77/artio.c:388:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bp+o,"\002%s\n",multipart_separator);
data/trn4-4.0-test77/artio.c:401:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bp,"[Alternative: %s]\n", mime_section->type_name);
data/trn4-4.0-test77/artsrch.c:210:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "Current article has no %s.", finding_str);
data/trn4-4.0-test77/artsrch.c:214:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "Null %s.", finding_str);
data/trn4-4.0-test77/artsrch.c:400:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s: %s", htype[art_srchhdr].name,
data/trn4-4.0-test77/backpage.c:26:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantopen,varyname) FLUSH;
data/trn4-4.0-test77/bits.c:71:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mybuf,s); /* make scratch copy of line */
data/trn4-4.0-test77/bits.c:192:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,ngptr->rcline); /* start with the newsgroup name */
data/trn4-4.0-test77/bits.c:207:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mybuf,buf); /* so we must copy it */
data/trn4-4.0-test77/bits.c:251:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ngptr->rcline, buf); /* and load it */
data/trn4-4.0-test77/bits.c:543:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "Returned %ld Marked article%s.",(long)dmcount,
data/trn4-4.0-test77/cache.c:260:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd_buf,realName);
data/trn4-4.0-test77/cache.c:271:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,ap->from);
data/trn4-4.0-test77/color.c:167:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "fg %s", s);
data/trn4-4.0-test77/color.c:196:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "bg %s", s);
data/trn4-4.0-test77/color.c:260:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msg, str);
data/trn4-4.0-test77/common.h:320:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
# define eaccess access
data/trn4-4.0-test77/config2.h:132:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
char* strcat();
data/trn4-4.0-test77/config2.h:133:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
char* strcpy();
data/trn4-4.0-test77/config2.h:145:7: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
char* getlogin();
data/trn4-4.0-test77/datasrc.c:265:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp,"%s.times",dp->newsid);
data/trn4-4.0-test77/datasrc.c:275:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp,dp->newsid);
data/trn4-4.0-test77/datasrc.c:324:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, ser_line);
data/trn4-4.0-test77/datasrc.c:517:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outbuf, "%s\n", ser_line);
data/trn4-4.0-test77/datasrc.c:655:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line, "XGTITLE %s", groupname);
data/trn4-4.0-test77/datasrc.c:659:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s \n", groupname);
data/trn4-4.0-test77/datasrc.c:747:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantopen, filename) FLUSH;
data/trn4-4.0-test77/datasrc.c:802:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf+keylen+1, s);
data/trn4-4.0-test77/datasrc.c:878:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bp+keylen+1, s);
data/trn4-4.0-test77/decode.c:265:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(nocd,dir) FLUSH;
data/trn4-4.0-test77/decode.c:274:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, filename);
data/trn4-4.0-test77/decode.c:281:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%d", dir, part);
data/trn4-4.0-test77/decode.c:295:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sCT", dir);
data/trn4-4.0-test77/decode.c:309:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sCT", dir);
data/trn4-4.0-test77/decode.c:326:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%d", dir, part);
data/trn4-4.0-test77/decode.c:358:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%d", dir, part);
data/trn4-4.0-test77/decode.c:386:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%d", dir, part);
data/trn4-4.0-test77/decode.c:389:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%sCT", dir);
data/trn4-4.0-test77/decode.c:436:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dir, filename);
data/trn4-4.0-test77/env.c:43:14: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
loginName = getlogin();
data/trn4-4.0-test77/env.c:121:9: [4] (buffer) getpw:
This function is dangerous; it may overflow the provided buffer. It
extracts data from a 'protected' area, but most systems have many commands
to let users modify the protected area, and it's not always clear what
their limits are. Best to avoid using this function altogether (CWE-676,
CWE-120). Use getpwuid() instead.
if (getpw(getuid(), tmpbuf+1) != 0)
data/trn4-4.0-test77/env.c:152:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(c,loginName); /* before the morning after */
data/trn4-4.0-test77/env.c:153:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(c,s+1);
data/trn4-4.0-test77/env.c:200:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpbuf,utsn.nodename);
data/trn4-4.0-test77/env.c:204:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE* popen();
data/trn4-4.0-test77/env.c:205:17: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE* pipefp = popen(PHOSTCMD,"r");
data/trn4-4.0-test77/env.c:238:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpbuf,phostname);
data/trn4-4.0-test77/env.c:242:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,tmpbuf);
data/trn4-4.0-test77/env.c:245:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpbuf,localhost);
data/trn4-4.0-test77/env.c:246:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmpbuf,buf);
data/trn4-4.0-test77/env.c:256:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmpbuf,_res.defdname);
data/trn4-4.0-test77/env.c:261:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmpbuf,buf);
data/trn4-4.0-test77/env.c:322:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(environ[i],"%s=%s",nam,val);/* all that work just for this */
data/trn4-4.0-test77/env.c:374:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ebuf,s);
data/trn4-4.0-test77/filter.c:118:6: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execl(filter, filter, NULL) < 0) {
data/trn4-4.0-test77/filter.c:145:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "newsgroup %s\n", ngname);
data/trn4-4.0-test77/head.c:350:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bp,bp+1);
data/trn4-4.0-test77/head.c:498:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line,"XHDR %s %ld-%ld",htype[which_line].name,
data/trn4-4.0-test77/head.c:502:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line,"XHDR %s %ld",htype[which_line].name,artnum);
data/trn4-4.0-test77/inews.c:176:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s -h", EXTRAINEWS);
data/trn4-4.0-test77/inews.c:177:19: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
nntplink.wr_fp = popen(buf,"w");
data/trn4-4.0-test77/inews.c:330:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(last_command_save, last_command);
data/trn4-4.0-test77/intrp.c:73:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tildenews, NEWS_ADMIN);
data/trn4-4.0-test77/intrp.c:286:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,lastpat);
data/trn4-4.0-test77/intrp.c:407:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE* popen();
data/trn4-4.0-test77/intrp.c:411:16: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
pipefp = popen(scrbuf,"r");
data/trn4-4.0-test77/intrp.c:497:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s = scrbuf,"%s/%s",datasrc->spool_dir,
data/trn4-4.0-test77/intrp.c:508:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s = scrbuf,"%s/%s/%ld",datasrc->spool_dir,
data/trn4-4.0-test77/intrp.c:531:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s/%s",datasrc->spool_dir,ngdir);
data/trn4-4.0-test77/intrp.c:590:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scrbuf,"<%s>",artid_buf);
data/trn4-4.0-test77/intrp.c:599:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scrbuf,"'%s'",indstr);
data/trn4-4.0-test77/intrp.c:724:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(refs_buf+i, artid_buf);
data/trn4-4.0-test77/intrp.c:726:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(refs_buf+i, "<%s>", artid_buf);
data/trn4-4.0-test77/intrp.c:846:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpbuf,s2);
data/trn4-4.0-test77/intrp.c:869:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(from_buf,tmpbuf);
data/trn4-4.0-test77/intrp.c:870:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(from_buf,s3);
data/trn4-4.0-test77/intrp.c:913:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(scrbuf,spfbuf,s);
data/trn4-4.0-test77/kfile.c:188:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, bp);
data/trn4-4.0-test77/kfile.c:295:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"%ld auto-kill command%s.", (long)thread_kill_cnt,
data/trn4-4.0-test77/kfile.c:301:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"%ld auto-select command%s.", (long)thread_select_cnt,
data/trn4-4.0-test77/kfile.c:486:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantcreate,buf) FLUSH;
data/trn4-4.0-test77/kfile.c:679:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,filexp(getval("KILLLOCAL",killlocal)));
data/trn4-4.0-test77/kfile.c:681:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,filexp(getval("KILLGLOBAL",killglobal)));
data/trn4-4.0-test77/kfile.c:683:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_buf,"%s %s",
data/trn4-4.0-test77/kfile.c:758:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd_buf, filexp(local? getval("KILLLOCAL",killlocal)
data/trn4-4.0-test77/kfile.c:788:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantopen,cmd_buf) FLUSH;
data/trn4-4.0-test77/last.c:56:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"%s.%ld", lastfile, our_pid);
data/trn4-4.0-test77/last.c:68:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantcreate,buf) FLUSH;
data/trn4-4.0-test77/mime.c:789:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "[Attachment type=%s, name=", mp->type_name);
data/trn4-4.0-test77/mime.c:792:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s+len, "%s]\n", fn);
data/trn4-4.0-test77/mime.c:797:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s+len, "...%s]\n", fn + flen - (limit-(len+3)));
data/trn4-4.0-test77/msdos.h:12:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE* popen(char*,char*);
data/trn4-4.0-test77/ng.c:131:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(nocd,datasrc->spool_dir) FLUSH;
data/trn4-4.0-test77/ng.c:405:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpbuf,"%s: article is not available.",ngname);
data/trn4-4.0-test77/ng.c:409:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpbuf,"%s: article may show up in a moment.",
data/trn4-4.0-test77/ng.c:452:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf,prompt,cmd_buf,
data/trn4-4.0-test77/ng.c:1222:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(unsubto,ngname) FLUSH;
data/trn4-4.0-test77/ng.c:1653:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"Mark everything in %s as read?",ngname);
data/trn4-4.0-test77/ng.c:1657:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"Catchup %s?",ngname);
data/trn4-4.0-test77/ng.c:1740:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(unsubto,ngname);
data/trn4-4.0-test77/ng.c:1858:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_buf,"%sMemorize %s command:", global_save?"Global-" : nullstr,
data/trn4-4.0-test77/ngdata.c:114:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(nocd,ngdir) FLUSH;
data/trn4-4.0-test77/ngdata.c:138:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(nocd,ngdir) FLUSH;
data/trn4-4.0-test77/ngdata.c:171:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,
data/trn4-4.0-test77/ngstuff.c:66:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(nocd,cwd) FLUSH;
data/trn4-4.0-test77/ngstuff.c:79:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(nocd,whereiam) FLUSH;
data/trn4-4.0-test77/ngstuff.c:131:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpbuf,buf+1);
data/trn4-4.0-test77/ngstuff.c:135:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpbuf,"[options]\n%s\n",buf+1);
data/trn4-4.0-test77/ngstuff.c:143:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(nocd,whereami) FLUSH;
data/trn4-4.0-test77/ngstuff.c:524:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,cmdlst);
data/trn4-4.0-test77/ngstuff.c:557:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,"Unknown command: %s",cmdlst);
data/trn4-4.0-test77/ngstuff.c:670:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(unsubto,ngptr->rcline) FLUSH;
data/trn4-4.0-test77/ngstuff.c:681:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,"Unknown command: %s",cmdlst);
data/trn4-4.0-test77/ngstuff.c:777:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,"Unknown command: %s",cmdlst);
data/trn4-4.0-test77/nntp.c:44:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line, "LIST %s %.*s", type, len, arg);
data/trn4-4.0-test77/nntp.c:48:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line, "LIST %s", type);
data/trn4-4.0-test77/nntp.c:89:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line, "GROUP %s", group);
data/trn4-4.0-test77/nntp.c:145:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line, "STAT %s", msgid);
data/trn4-4.0-test77/nntp.c:550:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(last_command_save, last_command);
data/trn4-4.0-test77/nntp.c:560:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(last_command, last_command_save); /*$$ Is this really needed? */
data/trn4-4.0-test77/nntpauth.c:30:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(last_command_save, last_command);
data/trn4-4.0-test77/nntpauth.c:35:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line, "AUTHINFO GENERIC %s", auth_command);
data/trn4-4.0-test77/nntpauth.c:47:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line, "AUTHINFO USER %s", auth_user);
data/trn4-4.0-test77/nntpauth.c:50:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line, "AUTHINFO PASS %s", auth_pass);
data/trn4-4.0-test77/nntpclient.c:58:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpbuf,"News server \"%s\" is unavailable: %s\n",
data/trn4-4.0-test77/nntpclient.c:69:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line,"News server \"%s\" is unavailable.\n",machine);
data/trn4-4.0-test77/nntpclient.c:78:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line,
data/trn4-4.0-test77/nntpclient.c:99:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line,"\nUnknown response code %d from %s.\n",
data/trn4-4.0-test77/nntpclient.c:145:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(last_command, bp);
data/trn4-4.0-test77/nntpinit.c:114:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_line, ser_line);
data/trn4-4.0-test77/nntpinit.c:120:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ser_line, save_line);
data/trn4-4.0-test77/nntpinit.c:227:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(namebuf, machine);
data/trn4-4.0-test77/nntplist.c:79:18: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
loginName = getlogin();
data/trn4-4.0-test77/nntplist.c:119:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command,"LIST %s",action);
data/trn4-4.0-test77/nntplist.c:123:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command+strlen(command)," %s",wildarg);
data/trn4-4.0-test77/only.c:76:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "Restriction %s%s removed.",ngtodo[0],
data/trn4-4.0-test77/opt.c:182:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantopen,filename) FLUSH;
data/trn4-4.0-test77/opt.c:291:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sel_grp_dmode, s);
data/trn4-4.0-test77/opt.c:324:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sel_art_dmode, s);
data/trn4-4.0-test77/opt.c:623:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"%s.new",filename);
data/trn4-4.0-test77/opt.c:626:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantcreate,buf);
data/trn4-4.0-test77/opt.c:711:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"%s.old",filename);
data/trn4-4.0-test77/opt.c:720:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"%s.new",filename);
data/trn4-4.0-test77/opt.c:999:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf+strlen(buf),",%s%s", user_htype[i].flags? nullstr : "!",
data/trn4-4.0-test77/opt.c:1013:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf+strlen(buf),",%s%s",
data/trn4-4.0-test77/opt.c:1259:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpbuf,cwd);
data/trn4-4.0-test77/opt.c:1265:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpbuf,homedir);
data/trn4-4.0-test77/opt.c:1267:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpbuf,cmd_buf);
data/trn4-4.0-test77/opt.c:1301:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpbuf,homedir);
data/trn4-4.0-test77/os2.h:12:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE* popen(char*,char*);
data/trn4-4.0-test77/popen.c:120:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE* popen(prg, type)
data/trn4-4.0-test77/popen.c:133:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmpfile, uniquepipe());
data/trn4-4.0-test77/rcln.c:64:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpbuf,"%s: 1-%ld", np->rcline,(long)getngsize(np));
data/trn4-4.0-test77/rcln.c:167:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mbuf,np->rcline); /* make new rc line */
data/trn4-4.0-test77/rcln.c:205:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t,s); /* copy remainder of line */
data/trn4-4.0-test77/rcln.c:291:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mbuf,np->rcline); /* make new rc line */
data/trn4-4.0-test77/rcln.c:302:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s,t); /* copy remainder over */
data/trn4-4.0-test77/rcln.c:325:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,t); /* no need to realloc */
data/trn4-4.0-test77/rcln.c:395:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mybuf,nums);
data/trn4-4.0-test77/rcln.c:480:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mbuf, np->rcline);
data/trn4-4.0-test77/rcln.c:504:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mbuf,np->rcline);
data/trn4-4.0-test77/rcln.c:508:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, numbuf);
data/trn4-4.0-test77/rcstuff.c:134:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmpbuf, RCNAME_OLD, rp->name);
data/trn4-4.0-test77/rcstuff.c:136:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmpbuf, RCNAME_NEW, rp->name);
data/trn4-4.0-test77/rcstuff.c:311:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, RCNAME_INFO, rp->name);
data/trn4-4.0-test77/rcstuff.c:313:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, RCNAME_LOCK, rp->name);
data/trn4-4.0-test77/rcstuff.c:422:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantcreate,rp->lockname) FLUSH;
data/trn4-4.0-test77/rcstuff.c:993:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(np->rcline,ngn); /* and copy over the name */
data/trn4-4.0-test77/rcstuff.c:1213:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpbuf,"%3d %7s ",i,status[-np->toread]);
data/trn4-4.0-test77/rcstuff.c:1457:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantrecreate,rp->name) FLUSH;
data/trn4-4.0-test77/rcstuff.c:1505:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantrecreate,rp->name) FLUSH;
data/trn4-4.0-test77/respond.c:75:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(nocd,cwd) FLUSH;
data/trn4-4.0-test77/respond.c:119:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, extractdest);
data/trn4-4.0-test77/respond.c:131:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c,cwd);
data/trn4-4.0-test77/respond.c:135:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c,s); /* add filename */
data/trn4-4.0-test77/respond.c:141:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(c, "%s/%s", cwd, s);
data/trn4-4.0-test77/respond.c:151:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(nocd,s) FLUSH;
data/trn4-4.0-test77/respond.c:283:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,cwd);
data/trn4-4.0-test77/respond.c:287:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c,s); /* add filename */
data/trn4-4.0-test77/respond.c:304:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(c, "%s/%s", cwd, s);
data/trn4-4.0-test77/respond.c:319:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_buf,
data/trn4-4.0-test77/respond.c:560:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantcreate,headname) FLUSH;
data/trn4-4.0-test77/respond.c:634:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantcreate,headname) FLUSH;
data/trn4-4.0-test77/respond.c:707:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantcreate,headname) FLUSH;
data/trn4-4.0-test77/respond.c:776:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantcreate,headname) FLUSH;
data/trn4-4.0-test77/respond.c:887:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantcreate,headname) FLUSH;
data/trn4-4.0-test77/respond.c:949:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(nocd,dir) FLUSH;
data/trn4-4.0-test77/rt-mt.c:206:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/%s", datasrc->thread_dir, group);
data/trn4-4.0-test77/rt-mt.c:210:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
cp = strcpy(buf, datasrc->thread_dir) + strlen(datasrc->thread_dir);
data/trn4-4.0-test77/rt-mt.c:212:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, group);
data/trn4-4.0-test77/rt-mt.c:216:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, MT_FILE_NAME);
data/trn4-4.0-test77/rt-mt.c:545:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "@%s", string_ptr);
data/trn4-4.0-test77/rt-mt.c:565:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(article->msgid, "<%s%s>", string_ptr, buf);
data/trn4-4.0-test77/rt-ov.c:473:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, datasrc->over_dir);
data/trn4-4.0-test77/rt-ov.c:476:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, group);
data/trn4-4.0-test77/rt-ov.c:479:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, OV_FILE_NAME);
data/trn4-4.0-test77/rt-page.c:76:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"%s%s", sel_direction < 0? "reverse " : nullstr,
data/trn4-4.0-test77/rt-page.c:1254:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf+len, ", %s", rp->datasrc->name);
data/trn4-4.0-test77/rt-page.c:1331:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf+len, ", %s", rp->datasrc->name);
data/trn4-4.0-test77/rt-select.c:168:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "** %ld new article%s arrived ** ",
data/trn4-4.0-test77/rt-select.c:177:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg+strlen(msg), "%ld article%s selected.",
data/trn4-4.0-test77/rt-select.c:1247:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_buf, "%s [%c%c] --",
data/trn4-4.0-test77/rt-select.c:1250:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_buf, "%s%ld%% [%c%c] --",
data/trn4-4.0-test77/rt-select.c:1255:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "%s-- %s %s (%s%s order) -- %s", buf,
data/trn4-4.0-test77/rt-select.c:2724:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msg,s);
data/trn4-4.0-test77/rt-select.c:2891:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,"(%s display style)",s);
data/trn4-4.0-test77/rt-util.c:241:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d, mid);
data/trn4-4.0-test77/rt-util.c:717:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp+=strlen(cp), "%s%s ", obj_type, PLURAL(num));
data/trn4-4.0-test77/rt-util.c:749:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "No %ss affected.", obj_type);
data/trn4-4.0-test77/rt-wumpus.c:217:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tree_lines[line_num - first_line], tree_buff);
data/trn4-4.0-test77/rt-wumpus.c:231:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tree_buff, tree_indent+5);
data/trn4-4.0-test77/sacmd.c:516:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"%s/%s",sa_extract_dest,decode_dest);
data/trn4-4.0-test77/sacmd.c:530:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"!%s %s",sa_extracted_use,decode_dest);
data/trn4-4.0-test77/sadesc.c:134:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(desc_buf,sa_buf);
data/trn4-4.0-test77/sadesc.c:140:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(desc_buf,sa_buf);
data/trn4-4.0-test77/sadesc.c:145:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(desc_buf,sa_buf);
data/trn4-4.0-test77/sadesc.c:150:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sa_buf,"%s ",padspaces(sa_desc_author(e,16),16));
data/trn4-4.0-test77/sadesc.c:152:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sa_buf,"%s ",sa_desc_author(e,40));
data/trn4-4.0-test77/sadesc.c:153:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(desc_buf,sa_buf);
data/trn4-4.0-test77/sadesc.c:156:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(desc_buf,compress_from(article_ptr(artnum)->from,16));
data/trn4-4.0-test77/sadesc.c:158:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(desc_buf,compress_from(article_ptr(artnum)->from,200));
data/trn4-4.0-test77/sadesc.c:162:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sa_buf,"%s",sa_desc_subject(e));
data/trn4-4.0-test77/sadesc.c:163:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(desc_buf,sa_buf);
data/trn4-4.0-test77/sadesc.c:190:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2,"Summary: %s%s",tc_SO,s);
data/trn4-4.0-test77/sadesc.c:193:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2,"Summary: %s",s);
data/trn4-4.0-test77/sadesc.c:221:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2,"Keys: %s%s",tc_SO,s);
data/trn4-4.0-test77/sadesc.c:224:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2,"Keys: %s",s);
data/trn4-4.0-test77/sadesc.c:237:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(desc_buf,tc_SE); /* end standout mode */
data/trn4-4.0-test77/score-easy.c:106:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s",buf+1);
data/trn4-4.0-test77/scorefile.c:75:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sf_buf,filexp("%C"));
data/trn4-4.0-test77/scorefile.c:311:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sf_file,filexp(getval("SCOREDIR",DEFAULT_SCOREDIR)));
data/trn4-4.0-test77/scorefile.c:314:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sf_file,filexp("%C"));
data/trn4-4.0-test77/scorefile.c:333:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sf_file,filexp("%C"));
data/trn4-4.0-test77/scorefile.c:361:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf,getval("SCOREDIR",DEFAULT_SCOREDIR));
data/trn4-4.0-test77/scorefile.c:363:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(lbuf,s);
data/trn4-4.0-test77/scorefile.c:749:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sf_buf,s);
data/trn4-4.0-test77/scorefile.c:899:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf,buf+1);
data/trn4-4.0-test77/scorefile.c:903:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(lbuf,s);
data/trn4-4.0-test77/scorefile.c:970:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf,scoreline);
data/trn4-4.0-test77/scorefile.c:972:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(lbuf,filexp("from: %y"));
data/trn4-4.0-test77/scorefile.c:976:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf,scoreline);
data/trn4-4.0-test77/scorefile.c:1004:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filebuf,getval("SCOREDIR",DEFAULT_SCOREDIR));
data/trn4-4.0-test77/scorefile.c:1014:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filebuf,getval("SCOREDIR",DEFAULT_SCOREDIR));
data/trn4-4.0-test77/scorefile.c:1198:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filebuf,filespec);
data/trn4-4.0-test77/scorefile.c:1201:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filebuf,getval("SCOREDIR",DEFAULT_SCOREDIR));
data/trn4-4.0-test77/scorefile.c:1210:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filebuf,getval("SCOREDIR",DEFAULT_SCOREDIR));
data/trn4-4.0-test77/scorefile.c:1218:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filebuf,sf_abbr[(int)filechar]);
data/trn4-4.0-test77/scorefile.c:1221:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filebuf,filexp(fname_noexpand));
data/trn4-4.0-test77/scoresave.c:128:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf,savename);
data/trn4-4.0-test77/scoresave.c:445:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lbuf2,"!%s",gname); /* add the header */
data/trn4-4.0-test77/strftime.c:177:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpbuf, ts->tm_zone);
data/trn4-4.0-test77/strftime.c:186:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tznm, timezone(tz.tz_minuteswest, ts->tm_isdst));
data/trn4-4.0-test77/strftime.c:188:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpbuf, tznm);
data/trn4-4.0-test77/strftime.c:190:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpbuf, ts->tm_name);
data/trn4-4.0-test77/strftime.c:194:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpbuf, tzname[ts->tm_isdst]);
data/trn4-4.0-test77/support/unipatch.c:47:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
ln->lk=0, ln->t=ch, strcpy(ln->s,cp);
data/trn4-4.0-test77/sw.c:194:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpbuf,s);
data/trn4-4.0-test77/sw.c:288:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpbuf, "%s%c", isupper(*s)? "r " : nullstr, *s);
data/trn4-4.0-test77/term.c:169:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(cantopen,"/dev/tty") FLUSH;
data/trn4-4.0-test77/term.c:272:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tc_CR,"%s\r",tc_UP);
data/trn4-4.0-test77/term.c:346:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf,seq);
data/trn4-4.0-test77/term.c:352:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf,seq);
data/trn4-4.0-test77/term.c:407:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf,Tgetstr("ku")); /* up */
data/trn4-4.0-test77/term.c:415:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf,Tgetstr("kd")); /* down */
data/trn4-4.0-test77/term.c:423:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf,Tgetstr("kl")); /* left */
data/trn4-4.0-test77/term.c:431:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf,Tgetstr("kr")); /* right */
data/trn4-4.0-test77/term.c:576:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(next,cmd_buf);
data/trn4-4.0-test77/term.c:580:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_buf,"%s %c\n",prefix,i);
data/trn4-4.0-test77/term.c:587:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_buf,"%s %s\n",prefix,curmap->km_ptr[i].km_str);
data/trn4-4.0-test77/term.c:591:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_buf,"%s BOGUS\n",prefix);
data/trn4-4.0-test77/term.c:1452:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,value);
data/trn4-4.0-test77/term.c:1510:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s ", prefix);
data/trn4-4.0-test77/term.c:1511:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf,cp);
data/trn4-4.0-test77/term.c:1514:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,cp);
data/trn4-4.0-test77/term.c:1670:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msg,str);
data/trn4-4.0-test77/term.c:2506:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(str,num);
data/trn4-4.0-test77/term.c:2519:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(gbuf,str,y+1,x+1);
data/trn4-4.0-test77/tkstuff.c:135:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(class, name);
data/trn4-4.0-test77/tkstuff.c:275:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,str);
data/trn4-4.0-test77/trn-artchk.c:114:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ngptrs[ngcnt], cp);
data/trn4-4.0-test77/trn-artchk.c:225:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line, "list active %s", ngptrs[i]);
data/trn4-4.0-test77/trn-artchk.c:241:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line, "GROUP %s", ngptrs[i]);
data/trn4-4.0-test77/trn-artchk.c:255:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ser_line, "XGTITLE %s", ngptrs[i]);
data/trn4-4.0-test77/trn.c:518:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,ngname);
data/trn4-4.0-test77/trn.c:573:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf+len, ", %s", rp->datasrc->name);
data/trn4-4.0-test77/trn.c:609:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(unsubto,ngptr->rcline) FLUSH;
data/trn4-4.0-test77/trn.c:835:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,"Trn version:%s.\nConfigured for ",patchlevel);
data/trn4-4.0-test77/trn.c:855:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,"ID %s:\nNewsrc %s.\n",rp->datasrc->name,rp->name);
data/trn4-4.0-test77/trn.c:859:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,"News from server %s.\n",rp->datasrc->newsid);
data/trn4-4.0-test77/trn.c:865:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,"Local active file: %s",
data/trn4-4.0-test77/trn.c:873:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg+strlen(msg),
data/trn4-4.0-test77/trn.c:880:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,"News from %s.\nLocal active file %s.\n",
data/trn4-4.0-test77/trn.c:891:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,"Group desc. file: %s",rp->datasrc->grpdesc);
data/trn4-4.0-test77/trn.c:896:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg+strlen(msg),
data/trn4-4.0-test77/trn.c:904:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,"Overview files from %s.\n",
data/trn4-4.0-test77/trn.c:910:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,"Thread files from %s.\n",
data/trn4-4.0-test77/trn.c:932:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ngname,what);
data/trn4-4.0-test77/trn.c:935:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ngdir,getngdir(ngname));
data/trn4-4.0-test77/trn.c:948:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(myngdir,ngnam);
data/trn4-4.0-test77/univ.c:350:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf,univ_fname);
data/trn4-4.0-test77/univ.c:355:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(lbuf,s);
data/trn4-4.0-test77/univ.c:767:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf,univ_fname);
data/trn4-4.0-test77/univ.c:773:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(lbuf,s);
data/trn4-4.0-test77/univ.c:785:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf,s);
data/trn4-4.0-test77/univ.c:980:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_buf,"%s ",
data/trn4-4.0-test77/univ.c:982:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmd_buf, filexp(fname));
data/trn4-4.0-test77/univ.c:1254:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dbuf,"[%3d] %16s %s",ui->score,fbuf,sbuf);
data/trn4-4.0-test77/univ.c:1256:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dbuf,"%16s %55s",fbuf,sbuf);
data/trn4-4.0-test77/url.c:62:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(url_buf, "GET %s\n",path);
data/trn4-4.0-test77/url.c:129:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmdline,"%s/ftpgrab %s ftp %s@%s %s %s %s",
data/trn4-4.0-test77/url.c:229:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(url_path,s);
data/trn4-4.0-test77/util.c:153:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nntpserver_export+len, buf);
data/trn4-4.0-test77/util.c:217:6: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(shell, shell, "-c", s, (char*)NULL);
data/trn4-4.0-test77/util.c:219:6: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(shell, shell, (char*)NULL, (char*)NULL, (char*)NULL);
data/trn4-4.0-test77/util.c:398:11: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE* popen();
data/trn4-4.0-test77/util.c:402:19: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((pipefp = popen("/bin/pwd","r")) == NULL) {
data/trn4-4.0-test77/util.c:505:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tbptr," %s",dirname);
data/trn4-4.0-test77/util.c:520:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_buf,"%s %s %d", filexp(DIRMAKER), dirname, nametype);
data/trn4-4.0-test77/util.c:714:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%d day%s, ", items, PLURAL(items));
data/trn4-4.0-test77/util.c:720:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%d hour%s, ", items, PLURAL(items));
data/trn4-4.0-test77/util.c:724:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%d minute%s, ", (int)secs, PLURAL(items));
data/trn4-4.0-test77/util.c:738:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpbuf,"%s/trn%d.%ld",tmpdir,tmpfile_num++,our_pid);
data/trn4-4.0-test77/util.c:1066:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_buf,"%s ",
data/trn4-4.0-test77/util.c:1068:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmd_buf, filexp(fname));
data/trn4-4.0-test77/util2.c:33:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newaddr,str);
data/trn4-4.0-test77/util2.c:100:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scrbuf,"%s%s",homedir,s);
data/trn4-4.0-test77/util2.c:106:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename,scrbuf);
data/trn4-4.0-test77/util2.c:112:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scrbuf,"%s%s",d,s+1);
data/trn4-4.0-test77/util2.c:123:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scrbuf,tildedir);
data/trn4-4.0-test77/util2.c:124:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(scrbuf, s);
data/trn4-4.0-test77/util2.c:125:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, scrbuf);
data/trn4-4.0-test77/util2.c:145:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scrbuf,"%s%s",pwd->pw_dir,s);
data/trn4-4.0-test77/util2.c:147:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename,scrbuf);
data/trn4-4.0-test77/util2.c:171:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(scrbuf,s);
data/trn4-4.0-test77/util2.c:172:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename,scrbuf);
data/trn4-4.0-test77/util2.c:202:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d,s+2);
data/trn4-4.0-test77/util2.c:208:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d,s);
data/trn4-4.0-test77/util3.c:30:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return system(cmd);
data/trn4-4.0-test77/uudecode.c:251:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lastline, buf);
data/trn4-4.0-test77/config2.h:20:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* getenv();
data/trn4-4.0-test77/datasrc.c:46:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
machine = getenv("NNTPSERVER");
data/trn4-4.0-test77/datasrc.c:52:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
vals[DI_AUTH_COMMAND] = getenv("NNTPAUTH");
data/trn4-4.0-test77/datasrc.c:54:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
vals[DI_FORCE_AUTH] = getenv("NNTP_FORCE_AUTH");
data/trn4-4.0-test77/datasrc.c:93:30: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
vals[DI_AUTH_COMMAND] = getenv("NNTPAUTH");
data/trn4-4.0-test77/datasrc.c:95:28: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
vals[DI_FORCE_AUTH] = getenv("NNTP_FORCE_AUTH");
data/trn4-4.0-test77/env.c:29:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((homedir = getenv("HOME")) == NULL)
data/trn4-4.0-test77/env.c:30:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
homedir = getenv("LOGDIR");
data/trn4-4.0-test77/env.c:32:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((tmpdir = getenv("TMPDIR")) == NULL)
data/trn4-4.0-test77/env.c:37:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
loginName = getenv("USER");
data/trn4-4.0-test77/env.c:39:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
loginName = getenv("LOGNAME");
data/trn4-4.0-test77/env.c:280:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((val = getenv(nam)) == NULL || !*val)
data/trn4-4.0-test77/env.c:368:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#undef getenv
data/trn4-4.0-test77/env.c:369:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* s = getenv(var);
data/trn4-4.0-test77/inews.c:68:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cp = getenv("NNTPSERVER");
data/trn4-4.0-test77/inews.c:83:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("NNTP_FORCE_AUTH")) != NULL
data/trn4-4.0-test77/inews.c:150:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("NNTPFDS")) != NULL) {
data/trn4-4.0-test77/inews.c:191:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("NO_ORIGINATOR")) {
data/trn4-4.0-test77/kfile.c:53:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* cp = getenv("KILLTHREADS");
data/trn4-4.0-test77/mime.c:39:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((mcname = getenv("MIMECAPS")) == NULL)
data/trn4-4.0-test77/msdos.h:18:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#define getenv GetEnv
data/trn4-4.0-test77/nntplist.c:74:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
loginName = getenv("USER");
data/trn4-4.0-test77/nntplist.c:76:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
loginName = getenv("LOGNAME");
data/trn4-4.0-test77/nntplist.c:84:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
homedir = getenv("HOME");
data/trn4-4.0-test77/nntplist.c:86:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
homedir = getenv("LOGDIR");
data/trn4-4.0-test77/nntplist.c:87:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dotdir = getenv("DOTDIR");
data/trn4-4.0-test77/nntplist.c:91:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cp = getenv("NNTPSERVER");
data/trn4-4.0-test77/nntplist.c:109:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("NNTP_FORCE_AUTH")) != NULL
data/trn4-4.0-test77/opt.c:101:30: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!use_threads || (s = getenv("TRNINIT")) == NULL)
data/trn4-4.0-test77/opt.c:102:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s = getenv("RNINIT");
data/trn4-4.0-test77/os2.h:18:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#define getenv GetEnv
data/trn4-4.0-test77/popen.c:44:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((shell = getenv("SHELL")) == NULL
data/trn4-4.0-test77/popen.c:45:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
&& (shell = getenv("COMSPEC")) == NULL)
data/trn4-4.0-test77/rcstuff.c:121:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
newsrc = getenv("NEWSRC");
data/trn4-4.0-test77/respond.c:382:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s = getenv(mailbox ? "MBOXSAVER" : "NORMSAVER");
data/trn4-4.0-test77/term.c:203:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s = getenv("TERM");
data/trn4-4.0-test77/term.c:2163:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s = getenv("XTERMMOUSE");
data/trn4-4.0-test77/trn-artchk.c:58:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
homedir = getenv("HOME");
data/trn4-4.0-test77/trn-artchk.c:60:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
homedir = getenv("LOGDIR");
data/trn4-4.0-test77/trn-artchk.c:61:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dotdir = getenv("DOTDIR");
data/trn4-4.0-test77/trn-artchk.c:155:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cp = getenv("NNTPSERVER");
data/trn4-4.0-test77/trn-artchk.c:173:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("NNTP_FORCE_AUTH")) != NULL
data/trn4-4.0-test77/util.c:391:11: [3] (buffer) getwd:
This does not protect against buffer overflows by itself, so use with
caution (CWE-120, CWE-20). Use getcwd instead.
ret = getwd(buf);
data/trn4-4.0-test77/util2.c:109:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
d = getenv("TRNPREFIX");
data/trn4-4.0-test77/addng.c:171:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, " %010ld %05ld %c\n", high, low, ch);
data/trn4-4.0-test77/addng.c:201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[LBUFLEN];
data/trn4-4.0-test77/addng.c:213:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfp = fopen(dp->extra_name,"r");
data/trn4-4.0-test77/addng.c:224:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
|| (lastone = atol(s+1)) < dp->lastnewgrp)
data/trn4-4.0-test77/addng.c:371:12: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) bcopy(bp, buf, linelen);
data/trn4-4.0-test77/addng.h:13:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1];
data/trn4-4.0-test77/art.c:102:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prompt_buf[64]; /* place to hold prompt */
data/trn4-4.0-test77/art.c:185:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(art_line+strlen(art_line)," (%ld + %ld more)",
data/trn4-4.0-test77/art.c:191:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(art_line+strlen(art_line),
data/trn4-4.0-test77/art.c:195:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(art_line+strlen(art_line)-1,
data/trn4-4.0-test77/art.c:597:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd_buf,"%ld",(long)(artpos*100/artsize));
data/trn4-4.0-test77/art.c:723:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd_buf,"^[^%c\n]",*s);
data/trn4-4.0-test77/art.h:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char art_line[LBUFLEN]; /* place for article lines */
data/trn4-4.0-test77/artio.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char artname[MAXFILENAME]; /* filename of current article */
data/trn4-4.0-test77/artio.c:66:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(artname,"%ld",(long)artnum);
data/trn4-4.0-test77/artio.c:67:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
artfp = fopen(artname,"r");
data/trn4-4.0-test77/artio.c:84:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[256];
data/trn4-4.0-test77/artio.c:94:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(artfp = fopen(tmpbuf,"r")))
data/trn4-4.0-test77/artsrch.c:172:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pattern,": *");
data/trn4-4.0-test77/artsrch.c:266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saltbuf[LBUFLEN], *f;
data/trn4-4.0-test77/artsrch.c:387:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf,"Subject: ");
data/trn4-4.0-test77/artsrch.c:395:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "From: ");
data/trn4-4.0-test77/backpage.c:23:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
varyfd = open(varyname,2);
data/trn4-4.0-test77/bits.c:100:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min = atol(s);
data/trn4-4.0-test77/bits.c:120:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if ((max = atol(h+1)) < min)
data/trn4-4.0-test77/bits.c:171:13: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
firstart = atol(s+2)+1; /* process first range thusly */
data/trn4-4.0-test77/bits.c:199:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s," 1-%ld,",(long)i-1);
data/trn4-4.0-test77/bits.c:222:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%ld",(long)i); /* put out the min of the range */
data/trn4-4.0-test77/bits.c:229:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"-%ld,",(long)i);
data/trn4-4.0-test77/bits.c:287:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
an = (ART_NUM)atol(ser_line);
data/trn4-4.0-test77/bits.c:624:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[128];
data/trn4-4.0-test77/bits.c:670:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!(x = atol(xartnum)))
data/trn4-4.0-test77/bits.c:772:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[128];
data/trn4-4.0-test77/bits.c:809:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((hist_file = fopen(filexp(ARTFILE), "r")) == NULL)
data/trn4-4.0-test77/bits.c:830:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(rhs.dptr,(char*)&pos, 4);
data/trn4-4.0-test77/bits.c:853:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!(x = atol(xartnum)))
data/trn4-4.0-test77/cache.c:430:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char linesbuf[32];
data/trn4-4.0-test77/cache.c:431:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(linesbuf, "%ld", ap->lines);
data/trn4-4.0-test77/cache.c:436:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bytesbuf[32];
data/trn4-4.0-test77/cache.c:437:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bytesbuf, "%ld", ap->bytes);
data/trn4-4.0-test77/cache.c:466:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(newsubj, "Re: ");
data/trn4-4.0-test77/cache.c:652:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ap->lines = atol(s);
data/trn4-4.0-test77/cache.c:655:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ap->bytes = atol(s);
data/trn4-4.0-test77/cache.c:700:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pattern,": *");
data/trn4-4.0-test77/common.h:753:12: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
# define vfork fork
data/trn4-4.0-test77/common.h:782:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char msg[CBUFLEN]; /* general purpose message buffer */
data/trn4-4.0-test77/common.h:783:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char buf[LBUFLEN+1]; /* general purpose line buffer */
data/trn4-4.0-test77/common.h:784:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char cmd_buf[CBUFLEN]; /* buffer for formatting system commands */
data/trn4-4.0-test77/common.h:817:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char UnivSelCmds[3] INIT("Z>");
data/trn4-4.0-test77/common.h:818:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char NewsrcSelCmds[3] INIT("Z>");
data/trn4-4.0-test77/common.h:819:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char AddSelCmds[3] INIT("Z>");
data/trn4-4.0-test77/common.h:820:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char NewsgroupSelCmds[3] INIT("Z>");
data/trn4-4.0-test77/common.h:821:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char NewsSelCmds[3] INIT("Z>");
data/trn4-4.0-test77/common.h:822:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char OptionSelCmds[3] INIT("Z>");
data/trn4-4.0-test77/common.h:906:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char MouseModes[32] INIT("acjlptwvK");
data/trn4-4.0-test77/common.h:925:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char nullstr[1] INIT("");
data/trn4-4.0-test77/common.h:926:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char ess[2] INIT("s");
data/trn4-4.0-test77/config2.h:119:10: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# ifndef bcopy
data/trn4-4.0-test77/config2.h:120:12: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define bcopy(s,d,l) memcpy((d),(s),(l))
data/trn4-4.0-test77/config2.h:120:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define bcopy(s,d,l) memcpy((d),(s),(l))
data/trn4-4.0-test77/config2.h:147:6: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
long atol(), ftell();
data/trn4-4.0-test77/datasrc.c:116:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(filexp(filename),0)) >= 0) {
data/trn4-4.0-test77/datasrc.c:181:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dp->nntplink.port_number = atoi(cp+1);
data/trn4-4.0-test77/datasrc.c:276:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cp+len,"newsgroups");
data/trn4-4.0-test77/datasrc.c:546:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
high = (ART_NUM)atol(outbuf+len+1);
data/trn4-4.0-test77/datasrc.c:555:35: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (high && high != (ART_NUM)atol(cp = lbp+len+1)) {
data/trn4-4.0-test77/datasrc.c:578:13: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) bcopy(outbuf, lbp, lbp_len);
data/trn4-4.0-test77/datasrc.c:583:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) bcopy(lbp, outbuf, lbp_len);
data/trn4-4.0-test77/datasrc.c:703:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/trn4-4.0-test77/datasrc.c:708:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "w+");
data/trn4-4.0-test77/datasrc.c:729:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r+");
data/trn4-4.0-test77/datasrc.c:732:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/trn4-4.0-test77/datasrc.c:742:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/trn4-4.0-test77/datasrc.c:828:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) bcopy(buf, lbp, linelen);
data/trn4-4.0-test77/datasrc.c:898:12: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) bcopy(bp, lbp, linelen);
data/trn4-4.0-test77/datasrc.c:1093:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char promptbuf[256];
data/trn4-4.0-test77/datasrc.c:1094:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options[MAX_NG+10];
data/trn4-4.0-test77/datasrc.c:1109:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(op++, "%d", i+1); /* Expensive, but avoids ASCII deps */
data/trn4-4.0-test77/datasrc.c:1118:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(promptbuf, "Which of these would you like?");
data/trn4-4.0-test77/datasrc.c:1122:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(promptbuf, "Which?");
data/trn4-4.0-test77/decode.c:196:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
part = atoi(t);
data/trn4-4.0-test77/decode.c:198:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
total = isdigit(*s)? atoi(s) : 0;
data/trn4-4.0-test77/decode.c:209:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
total = atoi(t);
data/trn4-4.0-test77/decode.c:215:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
part = atoi(s);
data/trn4-4.0-test77/decode.c:256:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg, "Failed.");
data/trn4-4.0-test77/decode.c:271:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Saving part %d ", part);
data/trn4-4.0-test77/decode.c:273:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf+strlen(buf), "of %d ", total);
data/trn4-4.0-test77/decode.c:282:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(buf, "w");
data/trn4-4.0-test77/decode.c:284:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg,"Failed."); /*$$*/
data/trn4-4.0-test77/decode.c:296:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfp = fopen(buf, "w");
data/trn4-4.0-test77/decode.c:310:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(buf, "r")) != NULL) {
data/trn4-4.0-test77/decode.c:312:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
total = atoi(buf);
data/trn4-4.0-test77/decode.c:327:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(buf, "r");
data/trn4-4.0-test77/decode.c:347:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg,"Unhandled encoding type -- aborting.");
data/trn4-4.0-test77/decode.c:359:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(buf, "r");
data/trn4-4.0-test77/decode.c:370:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg,"Failed."); /*$$*/
data/trn4-4.0-test77/decode.c:378:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg,"Premature EOF.");
data/trn4-4.0-test77/decode.c:428:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dir[LBUFLEN];
data/trn4-4.0-test77/env.c:71:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
netspeed = atoi(cp);
data/trn4-4.0-test77/env.c:169:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filexp(FULLNAMEFILE),"r")) != NULL) {
data/trn4-4.0-test77/env.c:216:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmpbuf, "!INVALID!");
data/trn4-4.0-test77/env.c:227:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(phostname,"r")) == NULL)
data/trn4-4.0-test77/env.c:265:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmpbuf,"UNKNOWN.HOST");
data/trn4-4.0-test77/env.c:373:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf[MAXDIR+32];
data/trn4-4.0-test77/filter.c:133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/trn4-4.0-test77/filter.c:186:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/trn4-4.0-test77/filter.c:198:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "art %ld", ap->num);
data/trn4-4.0-test77/head.c:525:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atol(line);
data/trn4-4.0-test77/inews.c:21:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nullstr[1];
data/trn4-4.0-test77/inews.c:23:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LBUFLEN+1];
data/trn4-4.0-test77/inews.c:79:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nntplink.port_number = atoi(cp+1);
data/trn4-4.0-test77/inews.c:228:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(ser_line) == NNTP_POSTFAIL_VAL) {
data/trn4-4.0-test77/inews.c:294:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filexp(SIGNATURE_FILE), "r");
data/trn4-4.0-test77/inews.c:323:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_command_save[NNTP_STRLEN];
data/trn4-4.0-test77/init.c:71:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char std_out_buf[BUFSIZ]; /* must be static or malloced */
data/trn4-4.0-test77/init.c:201:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tmpfp = fopen(newsnewsname,"r")) != NULL) {
data/trn4-4.0-test77/intrp.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tildenews[2+sizeof NEWS_ADMIN];
data/trn4-4.0-test77/intrp.c:221:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scrbuf[8192];
data/trn4-4.0-test77/intrp.c:222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spfbuf[512];
data/trn4-4.0-test77/intrp.c:464:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%ld",our_pid);
data/trn4-4.0-test77/intrp.c:470:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%d",++counter);
data/trn4-4.0-test77/intrp.c:473:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%d",perform_cnt);
data/trn4-4.0-test77/intrp.c:486:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%ld",(long)art);
data/trn4-4.0-test77/intrp.c:520:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%ld",(long)savefrom);
data/trn4-4.0-test77/intrp.c:603:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scrbuf,"%d",just_a_sec*10);
data/trn4-4.0-test77/intrp.c:621:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scrbuf,"%ld",(long)dmcount);
data/trn4-4.0-test77/intrp.c:644:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* ofp = fopen(s,"r");
data/trn4-4.0-test77/intrp.c:777:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scrbuf,"%ld",(long)ngptr->toread);
data/trn4-4.0-test77/intrp.c:795:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scrbuf,"%ld",
data/trn4-4.0-test77/intrp.c:799:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scrbuf,"%ld",(long)ngptr->toread - unseen);
data/trn4-4.0-test77/intrp.c:809:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scrbuf,"%ld",(long)ngptr->toread-selected_count
data/trn4-4.0-test77/intrp.c:840:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmpbuf[1024];
data/trn4-4.0-test77/intrp.c:890:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%ld",(long)art);
data/trn4-4.0-test77/intrp.c:894:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scrbuf,"%5ld",(long)filestat.st_size);
data/trn4-4.0-test77/intrp.c:898:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scrbuf,"%ld",(long)selected_count);
data/trn4-4.0-test77/kfile.c:60:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filexp(cp), "r")) != NULL) {
data/trn4-4.0-test77/kfile.c:70:25: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
age = kf_daynum - atol(cp+1);
data/trn4-4.0-test77/kfile.c:147:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
killfirst = atol(cp+len+1)+1;
data/trn4-4.0-test77/kfile.c:167:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((incfile = fopen(cp, "r")) != NULL) {
data/trn4-4.0-test77/kfile.c:433:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((newkfp = fopen(killname,"w")) != NULL) {
data/trn4-4.0-test77/kfile.c:578:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((newkfp = fopen(cp,"w")) == NULL)
data/trn4-4.0-test77/kfile.c:584:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((newkfp = fopen(cp, "a")) == NULL)
data/trn4-4.0-test77/kfile.c:744:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
localkfp = fopen(kname,"r");
data/trn4-4.0-test77/kfile.c:749:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
globkfp = fopen(kname,"r");
data/trn4-4.0-test77/kfile.c:772:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tmpfp = fopen(cmd_buf,"a+")) != NULL) {
data/trn4-4.0-test77/last.c:32:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tmpfp = fopen(lastfile,"r")) != NULL) {
data/trn4-4.0-test77/last.c:57:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tmpfp = fopen(buf,"w")) != NULL) {
data/trn4-4.0-test77/list.h:11:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1]; /* this is actually longer */
data/trn4-4.0-test77/mime.c:66:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filexp(mcname), "r")) == NULL)
data/trn4-4.0-test77/mime.c:384:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mp->part = (short)atoi(t);
data/trn4-4.0-test77/mime.c:387:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mp->total = (short)atoi(t);
data/trn4-4.0-test77/mime.c:549:34: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mime_section->content_len = atol(s+1);
data/trn4-4.0-test77/mime.c:794:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s+limit-3, "...]\n");
data/trn4-4.0-test77/mime.c:800:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(s, "...]\n");
data/trn4-4.0-test77/mime.c:881:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofp = fopen(filename, FOPEN_WB);
data/trn4-4.0-test77/mime.c:993:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofp = fopen(filename, FOPEN_WB);
data/trn4-4.0-test77/mime.c:1086:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofp = fopen(filename, FOPEN_WB);
data/trn4-4.0-test77/mime.c:1118:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tagword[32];
data/trn4-4.0-test77/mime.c:1258:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(cp, cp + fudge, t - cp);
data/trn4-4.0-test77/mime.c:1273:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bullets[3] = {'*', 'o', '+'};
data/trn4-4.0-test77/mime.c:1274:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char letters[2] = {'a', 'A'};
data/trn4-4.0-test77/mime.c:1377:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t, "[Image] ");
data/trn4-4.0-test77/mime.c:1421:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t-4, "%2d. ", ++blks[j].cnt);
data/trn4-4.0-test77/ndir.c:27:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(name, 0)) == -1)
data/trn4-4.0-test77/ndir.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char od_name[ODIRSIZ];
data/trn4-4.0-test77/ndir.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char od_name[ODIRSIZ];
data/trn4-4.0-test77/ndir.h:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_name[MAXNAMLEN + 1]; /* name must be no longer than this */
data/trn4-4.0-test77/ndir.h:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dd_buf[DIRBLKSIZ];
data/trn4-4.0-test77/ng.c:401:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[256];
data/trn4-4.0-test77/ng.c:1706:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
leave_unread = atoi(buf);
data/trn4-4.0-test77/ng.c:1790:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[256];
data/trn4-4.0-test77/ng.c:1808:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf,"%-5ld ", i);
data/trn4-4.0-test77/ngdata.c:178:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "More news -- auto-processing...\n\n");
data/trn4-4.0-test77/ngdata.c:335:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[LBUFLEN];
data/trn4-4.0-test77/ngsrch.c:192:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ng_pattern[128];
data/trn4-4.0-test77/ngstuff.c:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char whereiam[1024];
data/trn4-4.0-test77/ngstuff.c:116:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[LBUFLEN];
data/trn4-4.0-test77/ngstuff.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char whereami[1024];
data/trn4-4.0-test77/ngstuff.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[LBUFLEN+16];
data/trn4-4.0-test77/ngstuff.c:161:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[LBUFLEN];
data/trn4-4.0-test77/ngstuff.c:199:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min = atol(s);
data/trn4-4.0-test77/ngstuff.c:202:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg,"(First article is %ld)",(long)absfirst);
data/trn4-4.0-test77/ngstuff.c:212:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max = atol(s);
data/trn4-4.0-test77/ngstuff.c:220:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg,"(Last article is %ld)",(long)lastart) FLUSH;
data/trn4-4.0-test77/ngstuff.c:238:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg,"(Interrupted at article %ld)",(long)art);
data/trn4-4.0-test77/ngstuff.c:242:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg,"(Intr at %ld)",(long)art);
data/trn4-4.0-test77/ngstuff.c:393:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[LBUFLEN+1];
data/trn4-4.0-test77/ngstuff.c:508:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[512];
data/trn4-4.0-test77/nntp.c:46:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ser_line, "LIST");
data/trn4-4.0-test77/nntp.c:97:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ser_int = atoi(ser_line);
data/trn4-4.0-test77/nntp.c:131:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ser_line, "STAT %ld", (long)artnum);
data/trn4-4.0-test77/nntp.c:173:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ser_line, "HEAD %ld", (long)artnum);
data/trn4-4.0-test77/nntp.c:191:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
artfp = fopen(artname,"r");
data/trn4-4.0-test77/nntp.c:198:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(artfp = fopen(artname, "w+"))) {
data/trn4-4.0-test77/nntp.c:208:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ser_line, "BODY %ld", (long)artnum);
data/trn4-4.0-test77/nntp.c:210:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ser_line, "ARTICLE %ld", (long)artnum);
data/trn4-4.0-test77/nntp.c:229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[NNTP_STRLEN];
data/trn4-4.0-test77/nntp.c:284:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[NNTP_STRLEN];
data/trn4-4.0-test77/nntp.c:329:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[NNTP_STRLEN];
data/trn4-4.0-test77/nntp.c:393:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
year = atoi(s);
data/trn4-4.0-test77/nntp.c:421:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ser_line, "NEWGROUPS %02d%02d%02d %02d%02d%02d GMT",
data/trn4-4.0-test77/nntp.c:523:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char artname[20];
data/trn4-4.0-test77/nntp.c:524:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(artname,"rrn.%ld.%d",our_pid,ndx);
data/trn4-4.0-test77/nntp.c:543:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_command_save[NNTP_STRLEN];
data/trn4-4.0-test77/nntp.c:629:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5]; /* "\r\n.\r\n" */
data/trn4-4.0-test77/nntpauth.c:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_command_save[NNTP_STRLEN];
data/trn4-4.0-test77/nntpauth.c:69:13: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
FILE* fp = tmpfile();
data/trn4-4.0-test77/nntpauth.c:87:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ser_line, "502 Authentication failed");
data/trn4-4.0-test77/nntpauth.c:90:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ser_line, "281 Ok");
data/trn4-4.0-test77/nntpclient.c:53:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(ser_line) == response) {
data/trn4-4.0-test77/nntpclient.c:54:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[LBUFLEN];
data/trn4-4.0-test77/nntpclient.c:121:33: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (FILE_REF(name) && (fp = fopen(name, "r")) != NULL) {
data/trn4-4.0-test77/nntpclient.c:193:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ser_line, "503 Server closed connection.");
data/trn4-4.0-test77/nntpclient.c:196:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (len == 0 && atoi(ser_line) == NNTP_TMPERR_VAL
data/trn4-4.0-test77/nntpclient.c:204:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ser_line, "205 Ok");
data/trn4-4.0-test77/nntpclient.c:218:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(ser_line) == NNTP_LIST_FOLLOWS_VAL)
data/trn4-4.0-test77/nntpclient.c:230:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(ser_line) == NNTP_AUTH_NEEDED_VAL) {
data/trn4-4.0-test77/nntpclient.h:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char ser_line[NNTP_STRLEN];
data/trn4-4.0-test77/nntpclient.h:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char last_command[NNTP_STRLEN];
data/trn4-4.0-test77/nntpinit.c:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char save_line[NNTP_STRLEN];
data/trn4-4.0-test77/nntpinit.c:118:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ser_line, "%d failed to send MODE READER\n", NNTP_ACCESS_VAL);
data/trn4-4.0-test77/nntpinit.c:119:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (nntp_check() <= 0 && atoi(ser_line) == NNTP_BAD_COMMAND_VAL)
data/trn4-4.0-test77/nntpinit.c:122:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(ser_line);
data/trn4-4.0-test77/nntpinit.c:144:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portstr[8];
data/trn4-4.0-test77/nntpinit.c:153:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(service = portstr, "%d", port);
data/trn4-4.0-test77/nntpinit.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = "";
data/trn4-4.0-test77/nntpinit.c:203:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char namebuf[256];
data/trn4-4.0-test77/nntpinit.c:262:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(*cp, (char*)&sin.sin_addr, hp->h_length);
data/trn4-4.0-test77/nntpinit.c:309:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(hp->h_addr, (char*)&sin.sin_addr, hp->h_length);
data/trn4-4.0-test77/nntpinit.c:364:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(np->n_addr, (char*)sdn.sdn_add.a_addr, np->n_length);
data/trn4-4.0-test77/nntpinit.c:372:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy("NNTP", &sdn.sdn_objname[0], sdn.sdn_objnamel);
data/trn4-4.0-test77/nntplist.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[32];
data/trn4-4.0-test77/nntplist.c:46:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_fp = fopen(*++argv, "w");
data/trn4-4.0-test77/nntplist.c:106:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nntplink.port_number = atoi(cp+1);
data/trn4-4.0-test77/nntplist.c:121:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command,"LIST");
data/trn4-4.0-test77/nntplist.c:164:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((in_fp = fopen(filexp(cp), "r")) == NULL) {
data/trn4-4.0-test77/only.c:81:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Exiting \"only\".");
data/trn4-4.0-test77/opt.c:131:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename,0);
data/trn4-4.0-test77/opt.c:295:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
UseNewsSelector = atoi(s);
data/trn4-4.0-test77/opt.c:357:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[1024];
data/trn4-4.0-test77/opt.c:369:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
docheckwhen = atoi(s);
data/trn4-4.0-test77/opt.c:391:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gline = atoi(s)-1;
data/trn4-4.0-test77/opt.c:404:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
initlines = atoi(s);
data/trn4-4.0-test77/opt.c:414:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
change_join_subject_len(atoi(s));
data/trn4-4.0-test77/opt.c:436:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
marking_areas = atoi(s);
data/trn4-4.0-test77/opt.c:448:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
olden_days = atoi(s);
data/trn4-4.0-test77/opt.c:488:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
countdown = atoi(s);
data/trn4-4.0-test77/opt.c:503:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scanon = atoi(s);
data/trn4-4.0-test77/opt.c:528:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((max_tree_lines = atoi(s)) > 11)
data/trn4-4.0-test77/opt.c:535:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
word_wrap_offset = atoi(s);
data/trn4-4.0-test77/opt.c:624:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_out = fopen(buf,"w");
data/trn4-4.0-test77/opt.c:629:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd_in = open(filename,0)) >= 0) {
data/trn4-4.0-test77/opt.c:774:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",UseNewsSelector);
data/trn4-4.0-test77/opt.c:821:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",docheckwhen);
data/trn4-4.0-test77/opt.c:832:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",gline+1);
data/trn4-4.0-test77/opt.c:843:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",initlines);
data/trn4-4.0-test77/opt.c:851:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",join_subject_len);
data/trn4-4.0-test77/opt.c:869:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",marking_areas);
data/trn4-4.0-test77/opt.c:873:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf,"underline");
data/trn4-4.0-test77/opt.c:875:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf,"standout");
data/trn4-4.0-test77/opt.c:880:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",olden_days);
data/trn4-4.0-test77/opt.c:911:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",countdown);
data/trn4-4.0-test77/opt.c:917:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",scanon);
data/trn4-4.0-test77/opt.c:933:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",max_tree_lines);
data/trn4-4.0-test77/opt.c:937:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",word_wrap_offset);
data/trn4-4.0-test77/opt.c:1255:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[LBUFLEN];
data/trn4-4.0-test77/popen.c:86:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[14];
data/trn4-4.0-test77/popen.c:88:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(name, "pipe%04d.tmp", num++);
data/trn4-4.0-test77/popen.c:127:11: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char* tmpfile; /* Holds name of pipe file */
data/trn4-4.0-test77/popen.c:133:12: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
strcat(tmpfile, uniquepipe());
data/trn4-4.0-test77/popen.c:146:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((p = fopen(tmpfile, "w")) != NULL) {
data/trn4-4.0-test77/popen.c:146:17: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if ((p = fopen(tmpfile, "w")) != NULL) {
data/trn4-4.0-test77/popen.c:149:33: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
pipename[pipefd] = savestr(tmpfile);
data/trn4-4.0-test77/popen.c:157:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((p = fopen(tmpfile, "w")) != NULL) {
data/trn4-4.0-test77/popen.c:157:17: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if ((p = fopen(tmpfile, "w")) != NULL) {
data/trn4-4.0-test77/popen.c:161:33: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
pipename[pipefd] = savestr(tmpfile);
data/trn4-4.0-test77/popen.c:176:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((p = fopen(tmpfile, "r")) == NULL)
data/trn4-4.0-test77/popen.c:176:21: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if ((p = fopen(tmpfile, "r")) == NULL)
data/trn4-4.0-test77/popen.c:214:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((p = fopen(pipename[pipefd],"r")) == NULL)
data/trn4-4.0-test77/rcln.c:36:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[128];
data/trn4-4.0-test77/rcln.c:140:44: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
while (isdigit(*s) && artnum >= (min = atol(s))) {
data/trn4-4.0-test77/rcln.c:145:27: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (artnum <= (max = atol(t)))
data/trn4-4.0-test77/rcln.c:193:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t,"%ld-",(long)artnum);/* artnum will be new min */
data/trn4-4.0-test77/rcln.c:201:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t,"%ld,",(long)artnum); /* put the number and comma */
data/trn4-4.0-test77/rcln.c:204:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t,"%ld",(long)artnum); /* put the number there (wherever) */
data/trn4-4.0-test77/rcln.c:258:22: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (*t == ',' && atol(t+1) == artnum) {
data/trn4-4.0-test77/rcln.c:271:44: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
while (isdigit(*s) && artnum >= (min = atol(s))) {
data/trn4-4.0-test77/rcln.c:276:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max = atol(t);
data/trn4-4.0-test77/rcln.c:348:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(where,"%ld",(long)min);
data/trn4-4.0-test77/rcln.c:350:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(where,"%ld-%ld",(long)min,(long)max);
data/trn4-4.0-test77/rcln.c:364:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[64];
data/trn4-4.0-test77/rcln.c:387:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf," 1-%ld",(long)ngsize);
data/trn4-4.0-test77/rcln.c:403:26: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unread -= (newmax = atol(h+1)) - atol(s) + 1;
data/trn4-4.0-test77/rcln.c:403:39: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unread -= (newmax = atol(h+1)) - atol(s) + 1;
data/trn4-4.0-test77/rcln.c:404:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if ((newmax = atol(s)) != 0)
data/trn4-4.0-test77/rcln.c:468:25: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
while (*s && (num = atol(s)) <= a1st) {
data/trn4-4.0-test77/rcln.c:494:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbuf[32];
data/trn4-4.0-test77/rcln.c:497:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numbuf," 1-%ld",(long)(a1st - (lastnum != a1st)));
data/trn4-4.0-test77/rcln.c:572:44: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
while (isdigit(*s) && artnum >= (min = atol(s))) {
data/trn4-4.0-test77/rcln.c:577:27: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (artnum <= (max = atol(t)))
data/trn4-4.0-test77/rcstuff.c:56:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(section+6);
data/trn4-4.0-test77/rcstuff.c:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[CBUFLEN];
data/trn4-4.0-test77/rcstuff.c:317:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfp = fopen(rp->lockname,"r");
data/trn4-4.0-test77/rcstuff.c:320:19: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
processnum = atol(buf);
data/trn4-4.0-test77/rcstuff.c:420:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfp = fopen(rp->lockname,"w");
data/trn4-4.0-test77/rcstuff.c:455:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rcfp = fopen(rp->name,"r")) == NULL) {
data/trn4-4.0-test77/rcstuff.c:456:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rcfp = fopen(rp->name,"w+");
data/trn4-4.0-test77/rcstuff.c:474:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ElseIf (*some_buf && (tmpfp = fopen(filexp(some_buf),"r")) != NULL) {
data/trn4-4.0-test77/rcstuff.c:613:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tmpfp = fopen(rp->infoname,"r")) != NULL) {
data/trn4-4.0-test77/rcstuff.c:678:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, ": ");
data/trn4-4.0-test77/rcstuff.c:697:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rcfp = fopen(np->rc->oldname, "r")) != NULL) {
data/trn4-4.0-test77/rcstuff.c:754:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char promptbuf[PBLEN+1];
data/trn4-4.0-test77/rcstuff.c:1126:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newnum = atol(buf);
data/trn4-4.0-test77/rcstuff.c:1201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[2048];
data/trn4-4.0-test77/rcstuff.c:1211:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf,"%3d %6ld ",i,(long)np->toread);
data/trn4-4.0-test77/rcstuff.c:1430:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tmpfp = fopen(rp->infoname, "w")) != NULL) {
data/trn4-4.0-test77/rcstuff.c:1455:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rcfp = fopen(rp->newname, "w");
data/trn4-4.0-test77/respond.c:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char altbuf[CBUFLEN];
data/trn4-4.0-test77/respond.c:86:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
partOpt = atoi(s+1);
data/trn4-4.0-test77/respond.c:89:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
totalOpt = atoi(s+1);
data/trn4-4.0-test77/respond.c:367:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfp = fopen(s,"r+");
data/trn4-4.0-test77/respond.c:398:37: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (tmpfp != NULL || (tmpfp = fopen(savedest, "a")) != NULL) {
data/trn4-4.0-test77/respond.c:510:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[5*LBUFLEN];
data/trn4-4.0-test77/respond.c:558:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfp = fopen(headname,"w"); /* open header file */
data/trn4-4.0-test77/respond.c:583:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[5*LBUFLEN];
data/trn4-4.0-test77/respond.c:632:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfp = fopen(headname,"w"); /* open header file */
data/trn4-4.0-test77/respond.c:666:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
|| (nntp_check() < 0 && atoi(ser_line) != NNTP_BAD_COMMAND_VAL)))
data/trn4-4.0-test77/respond.c:680:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp_out = fopen(deadart, "a")) != NULL) {
data/trn4-4.0-test77/respond.c:681:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp_in = fopen(headname, "r")) != NULL) {
data/trn4-4.0-test77/respond.c:700:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[5*LBUFLEN];
data/trn4-4.0-test77/respond.c:705:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfp = fopen(headname,"w"); /* open header file */
data/trn4-4.0-test77/respond.c:760:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[5*LBUFLEN];
data/trn4-4.0-test77/respond.c:774:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfp = fopen(headname,"w"); /* open header file */
data/trn4-4.0-test77/respond.c:833:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "Content-Type: text/plain\n");
data/trn4-4.0-test77/respond.c:871:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[5*LBUFLEN];
data/trn4-4.0-test77/respond.c:885:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfp = fopen(headname,"w");
data/trn4-4.0-test77/respond.c:983:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[80];
data/trn4-4.0-test77/rt-mt.c:70:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filexp(DBINIT), FOPEN_RB)) != NULL)
data/trn4-4.0-test77/rt-mt.c:134:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(mt_name(ngname), FOPEN_RB)) == NULL)
data/trn4-4.0-test77/rt-mt.c:218:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ".th");
data/trn4-4.0-test77/rt-ov.c:48:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(ser_line) == NNTP_BAD_COMMAND_VAL)
data/trn4-4.0-test77/rt-ov.c:61:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
&& (tmpfp = fopen(datasrc->over_fmt, "r")) != NULL;
data/trn4-4.0-test77/rt-ov.c:198:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ser_line, "XOVER %ld-%ld", (long)first, (long)last);
data/trn4-4.0-test77/rt-ov.c:211:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((datasrc->ov_in = fopen(ov_name(ngname), "r")) == NULL)
data/trn4-4.0-test77/rt-ov.c:249:7: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
an = atol(line);
data/trn4-4.0-test77/rt-ov.c:515:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd_buf, "%ld", (long)ap->num);
data/trn4-4.0-test77/rt-ov.c:520:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd_buf, "%ld", (long)ap->date);
data/trn4-4.0-test77/rt-page.c:1259:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf+len, ", ...");
data/trn4-4.0-test77/rt-page.c:1335:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf+len, ", ...");
data/trn4-4.0-test77/rt-process.c:396:28: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
article = article_ptr(atol(s));
data/trn4-4.0-test77/rt-select.c:171:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "** %ld of %ld new articles unread ** ",
data/trn4-4.0-test77/rt-select.c:927:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg,"Range: %d-", j);
data/trn4-4.0-test77/rt-select.c:929:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg,"Range: %c-", sel_chars[j-1]);
data/trn4-4.0-test77/rt-select.c:979:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg,"Range: %d-%c", j, ch);
data/trn4-4.0-test77/rt-select.c:982:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg,"Go to number: %c", ch);
data/trn4-4.0-test77/rt-select.c:984:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg,"%c", ch);
data/trn4-4.0-test77/rt-select.c:1018:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg,"Range: %d- ", j);
data/trn4-4.0-test77/rt-select.c:1037:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "No item %c%c on this page.", ch_num1, ch);
data/trn4-4.0-test77/rt-select.c:1055:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "No item '%c' on this page.", ch);
data/trn4-4.0-test77/rt-select.c:1681:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg,"Type ? for help.");
data/trn4-4.0-test77/rt-select.c:1798:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg,"No marked articles to yank back.");
data/trn4-4.0-test77/rt-select.c:2021:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg,"Group is not threaded.");
data/trn4-4.0-test77/rt-select.c:2048:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg,"Kill memorized.");
data/trn4-4.0-test77/rt-select.c:2052:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg,"Selection memorized.");
data/trn4-4.0-test77/rt-select.c:2056:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg,"Auto-commands cleared.");
data/trn4-4.0-test77/rt-select.c:2370:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg, "No newsgroup to catchup.");
data/trn4-4.0-test77/rt-util.c:339:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf[LBUFLEN];
data/trn4-4.0-test77/rt-util.c:354:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s,"NO NAME");
data/trn4-4.0-test77/rt-util.c:715:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "%ld ", num);
data/trn4-4.0-test77/rt-wumpus.c:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tree_buff[128];
data/trn4-4.0-test77/sacmd.c:88:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(buf+1);
data/trn4-4.0-test77/sacmd.c:384:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(buf+1);
data/trn4-4.0-test77/sadesc.c:38:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char char_buf[16];
data/trn4-4.0-test77/sadesc.c:49:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(char_buf,".....");
data/trn4-4.0-test77/sadesc.c:60:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(char_buf," ");
data/trn4-4.0-test77/sadesc.c:66:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(char_buf,"...");
data/trn4-4.0-test77/sadesc.c:77:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(char_buf," ");
data/trn4-4.0-test77/sadesc.c:90:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sa_subj_buf[256];
data/trn4-4.0-test77/sadesc.c:98:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sa_subj_buf,"(no subject)");
data/trn4-4.0-test77/sadesc.c:122:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char desc_buf[1024];
data/trn4-4.0-test77/sadesc.c:133:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sa_buf,"%6d ",(int)artnum);
data/trn4-4.0-test77/sadesc.c:139:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sa_buf,"[%4d] ",sc_score_art(artnum,TRUE));
data/trn4-4.0-test77/sadesc.c:144:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sa_buf,"(%3d) ",sa_subj_thread_count(e));
data/trn4-4.0-test77/sadesc.c:230:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(desc_buf,"Entry %ld: Nonimplemented Description LINE",e);
data/trn4-4.0-test77/samain.h:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char sa_buf[LBUFLEN];
data/trn4-4.0-test77/scmd.c:304:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char search_text[LBUFLEN];
data/trn4-4.0-test77/scmd.c:313:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf[LBUFLEN];
data/trn4-4.0-test77/score-easy.c:19:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sc_e_newline[LBUFLEN];
data/trn4-4.0-test77/score-easy.c:128:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
score = atoi(buf+1);
data/trn4-4.0-test77/score-easy.c:132:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%ld",score);
data/trn4-4.0-test77/score.c:232:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filter_error_file = fopen("/tmp/score.log", "a");
data/trn4-4.0-test77/scorefile.c:47:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sf_buf[LBUFLEN];
data/trn4-4.0-test77/scorefile.c:199:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf[LBUFLEN];
data/trn4-4.0-test77/scorefile.c:221:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf[LBUFLEN]; /* ick. */
data/trn4-4.0-test77/scorefile.c:259:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf[LBUFLEN];
data/trn4-4.0-test77/scorefile.c:302:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sf_file[LBUFLEN];
data/trn4-4.0-test77/scorefile.c:327:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sf_file,"/SCORE");
data/trn4-4.0-test77/scorefile.c:331:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sf_file,"global");
data/trn4-4.0-test77/scorefile.c:354:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf[LBUFLEN];
data/trn4-4.0-test77/scorefile.c:382:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(s);
data/trn4-4.0-test77/scorefile.c:417:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(s);
data/trn4-4.0-test77/scorefile.c:485:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(s);
data/trn4-4.0-test77/scorefile.c:570:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
datenum = atoi(s);
data/trn4-4.0-test77/scorefile.c:631:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(s);
data/trn4-4.0-test77/scorefile.c:728:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fname,"r");
data/trn4-4.0-test77/scorefile.c:884:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf[LBUFLEN];
data/trn4-4.0-test77/scorefile.c:918:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filebuf[LBUFLEN];
data/trn4-4.0-test77/scorefile.c:967:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf[LBUFLEN];
data/trn4-4.0-test77/scorefile.c:985:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lbuf+(strlen(lbuf)-1),"subject: %.900s",s);
data/trn4-4.0-test77/scorefile.c:1006:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filebuf,"/%c/SCORE");
data/trn4-4.0-test77/scorefile.c:1008:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filebuf,"/%C");
data/trn4-4.0-test77/scorefile.c:1015:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filebuf,"/global");
data/trn4-4.0-test77/scorefile.c:1028:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename,"a")) != NULL) { /* open (or create) for append */
data/trn4-4.0-test77/scorefile.c:1043:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sf_getline[LBUFLEN];
data/trn4-4.0-test77/scorefile.c:1174:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)sf_entries,(char*)tmp_entries,start * sizeof (SF_ENTRY));
data/trn4-4.0-test77/scorefile.c:1176:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)(sf_entries+end+1), (char*)(tmp_entries+start),
data/trn4-4.0-test77/scorefile.c:1189:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filebuf[LBUFLEN]; /* clean up buffers */
data/trn4-4.0-test77/scorefile.c:1203:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filebuf,"/%c/SCORE");
data/trn4-4.0-test77/scorefile.c:1205:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filebuf,"/%C");
data/trn4-4.0-test77/scorefile.c:1211:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filebuf,"/global");
data/trn4-4.0-test77/scorefile.c:1266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[1024];
data/trn4-4.0-test77/scorefile.c:1283:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(name,"r");
data/trn4-4.0-test77/scoresave.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf[LBUFLEN];
data/trn4-4.0-test77/scoresave.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf2[LBUFLEN]; /* what's another buffer between... */
data/trn4-4.0-test77/scoresave.c:100:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filexp(s),"r");
data/trn4-4.0-test77/scoresave.c:129:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(lbuf,".tmp");
data/trn4-4.0-test77/scoresave.c:130:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfp = fopen(lbuf,"w");
data/trn4-4.0-test77/scoresave.c:187:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
score = 0 - atoi(p);
data/trn4-4.0-test77/scoresave.c:207:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
score = atoi(p);
data/trn4-4.0-test77/scoresave.c:228:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
x = atoi(p);
data/trn4-4.0-test77/scoresave.c:251:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
x = atoi(p);
data/trn4-4.0-test77/scoresave.c:283:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"s%ld",(a-last)-1);
data/trn4-4.0-test77/scoresave.c:301:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"r%d",i); /* repeat >one */
data/trn4-4.0-test77/scoresave.c:313:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%d",i);
data/trn4-4.0-test77/scoresave.c:375:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a = atoi(s+1); /* set the article # */
data/trn4-4.0-test77/scoresave.c:449:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lbuf2,":%ld",a);
data/trn4-4.0-test77/search.c:156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bracket[NBRA];
data/trn4-4.0-test77/strftime.c:31:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tznm[16] = "";
data/trn4-4.0-test77/strftime.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[80];
data/trn4-4.0-test77/strftime.c:76:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%-.3s", day_name[ts->tm_wday]);
data/trn4-4.0-test77/strftime.c:86:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%-.3s", mth_name[ts->tm_mon]);
data/trn4-4.0-test77/strftime.c:101:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%02d", ts->tm_mday);
data/trn4-4.0-test77/strftime.c:104:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%2d", ts->tm_mday);
data/trn4-4.0-test77/strftime.c:107:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%02d", ts->tm_hour);
data/trn4-4.0-test77/strftime.c:118:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%02d", n);
data/trn4-4.0-test77/strftime.c:122:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%03d", ts->tm_yday + 1);
data/trn4-4.0-test77/strftime.c:125:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%02d", ts->tm_mon + 1);
data/trn4-4.0-test77/strftime.c:128:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%02d", ts->tm_min);
data/trn4-4.0-test77/strftime.c:140:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%02d", ts->tm_sec);
data/trn4-4.0-test77/strftime.c:149:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%02d", (ts->tm_yday - ts->tm_wday + 10) / 7);
data/trn4-4.0-test77/strftime.c:152:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%02d", (ts->tm_yday - ((ts->tm_wday + 6) % 7)
data/trn4-4.0-test77/strftime.c:156:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%d", ts->tm_wday);
data/trn4-4.0-test77/strftime.c:159:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%02d", ts->tm_year % 100);
data/trn4-4.0-test77/strftime.c:172:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%d", ts->tm_year + 1900);
data/trn4-4.0-test77/strftime.c:208:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpbuf, "%%%c", ch);
data/trn4-4.0-test77/support/unipatch.c:8:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct Ln {struct Ln *lk; char t; char s[1];} r,*h,*ln;
data/trn4-4.0-test77/support/unipatch.c:9:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bf[2048],*cp,ch,*malloc();
data/trn4-4.0-test77/support/unipatch.c:32:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(bf," \n");
data/trn4-4.0-test77/sw.c:31:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int initfd = open(*tcbufptr,0);
data/trn4-4.0-test77/sw.c:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[LBUFLEN];
data/trn4-4.0-test77/sw.c:174:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug |= atoi(s);
data/trn4-4.0-test77/sw.c:176:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug &= ~atoi(s);
data/trn4-4.0-test77/sw.c:287:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[4];
data/trn4-4.0-test77/term.c:50:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcarea[TCSIZE]; /* area for "compiled" termcap strings */
data/trn4-4.0-test77/term.c:167:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
devtty = open("/dev/tty",0);
data/trn4-4.0-test77/term.c:303:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", tc_LINES);
data/trn4-4.0-test77/term.c:305:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", tc_COLS);
data/trn4-4.0-test77/term.c:345:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[LBUFLEN]; /* copy of possibly non-writable string */
data/trn4-4.0-test77/term.c:351:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[LBUFLEN]; /* copy of possibly non-writable string */
data/trn4-4.0-test77/term.c:395:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[256]; /* should be long enough */
data/trn4-4.0-test77/term.c:405:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lbuf,"\035\110");
data/trn4-4.0-test77/term.c:413:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lbuf,"\035\120");
data/trn4-4.0-test77/term.c:421:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lbuf,"\035\113");
data/trn4-4.0-test77/term.c:429:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lbuf,"\035\115");
data/trn4-4.0-test77/term.c:445:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[1024];
data/trn4-4.0-test77/term.c:450:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
|| (tmpfp = fopen(filexp(getval("TRNMACRO",TRNMACRO)),"r")) == NULL)
data/trn4-4.0-test77/term.c:451:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfp = fopen(filexp(getval("RNMACRO",RNMACRO)),"r");
data/trn4-4.0-test77/term.c:543:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prebuf[64];
data/trn4-4.0-test77/term.c:567:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(next,"^%c",i+64);
data/trn4-4.0-test77/term.c:569:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(next,"\\040");
data/trn4-4.0-test77/term.c:571:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(next,"^?");
data/trn4-4.0-test77/term.c:573:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(next,"%c",i);
data/trn4-4.0-test77/term.c:575:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd_buf,"+%d", (kt >> KM_GSHIFT) & KM_GMASK);
data/trn4-4.0-test77/term.c:764:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[4], *cpybuf;
data/trn4-4.0-test77/term.c:1229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[PUSHSIZE];
data/trn4-4.0-test77/term.c:1241:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[64];
data/trn4-4.0-test77/term.c:1411:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[80], prefixes[80];
data/trn4-4.0-test77/term.c:1501:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", number_was);
data/trn4-4.0-test77/term.c:1540:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
number_was = atoi(buf);
data/trn4-4.0-test77/term.c:1567:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%c %c",ch == ERASECH || ch == KILLCH? '<' : ch, ch1);
data/trn4-4.0-test77/term.c:1897:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lines_export, "%d", tc_LINES);
data/trn4-4.0-test77/term.c:1898:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cols_export, "%d", tc_COLS);
data/trn4-4.0-test77/term.c:2021:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wait_ttyfd = open("/dev/tty",0); /*$$ possible cron prob */
data/trn4-4.0-test77/term.c:2044:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[1]; /* for the read command */
data/trn4-4.0-test77/term.c:2518:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gbuf[32];
data/trn4-4.0-test77/term.h:8:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXT char circlebuf[PUSHSIZE];
data/trn4-4.0-test77/tkstuff.c:80:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pending_buf[64];
data/trn4-4.0-test77/tkstuff.c:101:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pending_buf,"ttk_idlepending");
data/trn4-4.0-test77/tkstuff.c:227:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[20];
data/trn4-4.0-test77/tkstuff.c:229:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",val);
data/trn4-4.0-test77/tkstuff.c:267:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/trn4-4.0-test77/tktree.c:316:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(interp->result, "trn_article%d",ttk_article_counter++);
data/trn4-4.0-test77/tktree.c:374:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(interp->result,"%d",(int)num);
data/trn4-4.0-test77/tktree.c:392:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(interp->result,"%d",artscore);
data/trn4-4.0-test77/tktree.c:417:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(interp->result,"%d",artscore);
data/trn4-4.0-test77/tktree.c:440:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf[100];
data/trn4-4.0-test77/tktree.c:450:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lbuf,"trn_draw_article_tree 0 0");
data/trn4-4.0-test77/tktree.c:470:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(interp->result, "trn_article%d",ttk_article_counter++);
data/trn4-4.0-test77/tktree.c:485:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf[32]; /* long enough for integers... */
data/trn4-4.0-test77/tktree.c:514:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[20];
data/trn4-4.0-test77/tktree.c:519:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lbuf,"ttk__art0");
data/trn4-4.0-test77/trn-artchk.c:36:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nullstr[1] = "";
data/trn4-4.0-test77/trn-artchk.c:37:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ess[2] = "s";
data/trn4-4.0-test77/trn-artchk.c:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[LBUFLEN];
data/trn4-4.0-test77/trn-artchk.c:65:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc != 5 || !(max_col_len = atoi(argv[2]))) {
data/trn4-4.0-test77/trn-artchk.c:71:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(argv[1], "r")) == NULL) {
data/trn4-4.0-test77/trn-artchk.c:170:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nntplink.port_number = atoi(cp+1);
data/trn4-4.0-test77/trn-artchk.c:183:44: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
check_ng = st.st_size > 0 && (fp_ng = fopen(argv[3], "r")) != NULL;
data/trn4-4.0-test77/trn-artchk.c:189:52: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
check_active = st.st_size > 0 && (fp_active = fopen(argv[4], "r")) != NULL;
data/trn4-4.0-test77/trn-artchk.c:250:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_ng = fopen(argv[3], "w+");
data/trn4-4.0-test77/trn.c:527:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int rcnum = atoi(s);
data/trn4-4.0-test77/trn.c:578:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf+len, ", ...");
data/trn4-4.0-test77/trn.c:838:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msg,"both NNTP and local news access.\n");
data/trn4-4.0-test77/trn.c:840:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msg,"NNTP (plus individual local access).\n");
data/trn4-4.0-test77/trn.c:843:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msg,"local news access.\n");
data/trn4-4.0-test77/trn.c:850:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg,"News source group #%d:\n\n", multirc->num);
data/trn4-4.0-test77/trn.c:863:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg,"Copy of remote active file");
data/trn4-4.0-test77/trn.c:869:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg,"Dynamic active file");
data/trn4-4.0-test77/trn.c:876:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msg,".\n");
data/trn4-4.0-test77/trn.c:886:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg,"Dynamic group desc. file");
data/trn4-4.0-test77/trn.c:888:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg,"Copy of remote group desc. file");
data/trn4-4.0-test77/trn.c:900:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msg,".\n");
data/trn4-4.0-test77/univ.c:341:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf[1024];
data/trn4-4.0-test77/univ.c:548:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf[LBUFLEN];
data/trn4-4.0-test77/univ.c:590:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filexp(open_name),"r");
data/trn4-4.0-test77/univ.c:661:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a = (ART_NUM)atoi(s);
data/trn4-4.0-test77/univ.c:678:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
univ_min_score = atoi(q);
data/trn4-4.0-test77/univ.c:766:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf[1024];
data/trn4-4.0-test77/univ.c:784:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuf[1024];
data/trn4-4.0-test77/univ.c:927:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(s,"r");
data/trn4-4.0-test77/univ.c:935:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(s,"w");
data/trn4-4.0-test77/univ.c:1023:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[70];
data/trn4-4.0-test77/univ.c:1227:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dbuf[200];
data/trn4-4.0-test77/univ.c:1228:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sbuf[200];
data/trn4-4.0-test77/univ.c:1229:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fbuf[200];
data/trn4-4.0-test77/univ.c:1234:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fbuf,"<No Author> ");
data/trn4-4.0-test77/univ.c:1239:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sbuf,"<No Subject>");
data/trn4-4.0-test77/url.c:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char url_buf[1030];
data/trn4-4.0-test77/url.c:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char url_type[256];
data/trn4-4.0-test77/url.c:42:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char url_host[256];
data/trn4-4.0-test77/url.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char url_path[1024];
data/trn4-4.0-test77/url.c:70:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_out = fopen(outname,"w");
data/trn4-4.0-test77/url.c:101:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cmdline[1024];
data/trn4-4.0-test77/url.c:102:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path[512]; /* use to make writable copy */
data/trn4-4.0-test77/url.c:104:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char username[128];
data/trn4-4.0-test77/url.c:105:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char userhost[128];
data/trn4-4.0-test77/url.c:216:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
url_port = atoi(url_buf);
data/trn4-4.0-test77/util.c:118:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d.%d.%d",(int)fileno(nntplink.rd_fp),
data/trn4-4.0-test77/util.c:128:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d.%d",(int)fileno(nntplink.rd_fp),
data/trn4-4.0-test77/util.c:139:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(nntp_auth_file, O_WRONLY|O_CREAT, 0600)) >= 0) {
data/trn4-4.0-test77/util.c:151:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,";%d",nntplink.port_number);
data/trn4-4.0-test77/util.c:192:16: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
if ((pid = vfork()) == 0) {
data/trn4-4.0-test77/util.c:213:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dup(open("/dev/null",1));
data/trn4-4.0-test77/util.c:472:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[1024];
data/trn4-4.0-test77/util.c:484:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmpbuf,"mkdir");
data/trn4-4.0-test77/util.c:671:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
item = atol(s);
data/trn4-4.0-test77/util.c:736:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[CBUFLEN];
data/trn4-4.0-test77/util.c:1020:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(cond) - atoi(buf);
data/trn4-4.0-test77/util.c:1020:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(cond) - atoi(buf);
data/trn4-4.0-test77/util2.c:83:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[CBUFLEN];
data/trn4-4.0-test77/util2.c:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scrbuf[CBUFLEN];
data/trn4-4.0-test77/util2.c:152:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* pfp = fopen(filexp(PASSFILE),"r");
data/trn4-4.0-test77/util2.c:153:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[512];
data/trn4-4.0-test77/util2.c:339:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/trn4-4.0-test77/util2.c:341:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file,"r")) != NULL) {
data/trn4-4.0-test77/uudecode.c:41:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmppart = atoi(s);
data/trn4-4.0-test77/uudecode.c:63:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmptotal = atoi(s);
data/trn4-4.0-test77/uudecode.c:90:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmppart = atoi(s);
data/trn4-4.0-test77/uudecode.c:94:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmptotal = atoi(s);
data/trn4-4.0-test77/uudecode.c:111:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmppart = atoi(s);
data/trn4-4.0-test77/uudecode.c:116:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmptotal = atoi(s);
data/trn4-4.0-test77/uudecode.c:128:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmppart = atoi(s);
data/trn4-4.0-test77/uudecode.c:132:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmptotal = atoi(++s);
data/trn4-4.0-test77/uudecode.c:163:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmppart = atoi(bp+8);
data/trn4-4.0-test77/uudecode.c:169:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmptotal = atoi(bp+14);
data/trn4-4.0-test77/uudecode.c:184:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastline[UULENGTH+1];
data/trn4-4.0-test77/uudecode.c:222:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofp = fopen(filename, FOPEN_WB);
data/trn4-4.0-test77/wildmat.c:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[80];
data/trn4-4.0-test77/wildmat.c:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[80];
data/trn4-4.0-test77/addng.c:159:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ser_line);
data/trn4-4.0-test77/addng.c:254:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned namelen = strlen(name);
data/trn4-4.0-test77/addng.c:291:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node = (ADDGROUP*)safemalloc(strlen(name) + sizeof (ADDGROUP));
data/trn4-4.0-test77/addng.c:335:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "*");
data/trn4-4.0-test77/addng.c:341:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf)-2] == '$')
data/trn4-4.0-test77/addng.c:342:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-2] = '\0';
data/trn4-4.0-test77/addng.c:344:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (nntp_list("active", buf, strlen(buf)) == 1) {
data/trn4-4.0-test77/addng.c:403:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(actline,"\n");
data/trn4-4.0-test77/art.c:185:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(art_line+strlen(art_line)," (%ld + %ld more)",
data/trn4-4.0-test77/art.c:191:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(art_line+strlen(art_line),
data/trn4-4.0-test77/art.c:195:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(art_line+strlen(art_line)-1,
data/trn4-4.0-test77/art.c:297:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(art_line,bufptr,6);
data/trn4-4.0-test77/art.c:315:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(bufptr+1);
data/trn4-4.0-test77/art.c:594:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cmd_buf,"?");
data/trn4-4.0-test77/art.c:603:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outpos = term_col + strlen(buf);
data/trn4-4.0-test77/artio.c:241:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(bp+o, "\n");
data/trn4-4.0-test77/artio.c:244:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(bp+o) + read_offset;
data/trn4-4.0-test77/artio.c:250:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(bp + len++ + extra_offset, "\n");
data/trn4-4.0-test77/artio.c:257:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(bp+o, "\n");
data/trn4-4.0-test77/artio.c:280:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(bp + len++ + extra_offset, "\n");
data/trn4-4.0-test77/artio.c:291:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(bp + len++ + extra_offset, "\n");
data/trn4-4.0-test77/artio.c:308:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(bp + len++, "\n");
data/trn4-4.0-test77/artio.c:377:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(multipart_separator) + 1;
data/trn4-4.0-test77/artio.c:395:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(bp);
data/trn4-4.0-test77/artio.c:402:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(bp);
data/trn4-4.0-test77/artio.c:418:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(bp);
data/trn4-4.0-test77/artsrch.c:173:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h = pattern + strlen(pattern);
data/trn4-4.0-test77/artsrch.c:388:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf+9,fetchsubj(artnum,FALSE),256);
data/trn4-4.0-test77/artsrch.c:396:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf+6,fetchfrom(artnum,FALSE),256);
data/trn4-4.0-test77/backpage.c:60:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(varyfd,(char*)varybuf,sizeof(varybuf));
data/trn4-4.0-test77/backpage.c:99:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(varyfd,(char*)varybuf,sizeof(varybuf));
data/trn4-4.0-test77/bits.c:66:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(s);
data/trn4-4.0-test77/bits.c:200:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/trn4-4.0-test77/bits.c:223:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s); /* keeping house */
data/trn4-4.0-test77/bits.c:231:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s); /* and housekeep */
data/trn4-4.0-test77/bits.c:826:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lhs.dsize = strlen(lhs.dptr) + 1;
data/trn4-4.0-test77/cache.c:223:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(sp->str+4) >= join_subject_len && sp->thread) {
data/trn4-4.0-test77/cache.c:354:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hashdelete(subj_hash, sp->str+4, strlen(sp->str+4));
data/trn4-4.0-test77/cache.c:484:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hashdelete(subj_hash, ap->subj->str+4, strlen(ap->subj->str+4));
data/trn4-4.0-test77/cache.c:613:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
decode_header(s, s, strlen(s));
data/trn4-4.0-test77/cache.c:701:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h = pattern + strlen(pattern);
data/trn4-4.0-test77/charsubst.c:176:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(inb);
data/trn4-4.0-test77/color.c:258:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/trn4-4.0-test77/datasrc.c:121:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd,filebuf,(int)filestat.st_size);
data/trn4-4.0-test77/datasrc.c:264:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* cp = safemalloc(strlen(dp->newsid)+6+1);
data/trn4-4.0-test77/datasrc.c:611:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
grouplen = strlen(groupname);
data/trn4-4.0-test77/datasrc.c:642:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
grouplen = strlen(groupname);
data/trn4-4.0-test77/datasrc.c:662:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "\n");
data/trn4-4.0-test77/datasrc.c:786:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf,"\n");
data/trn4-4.0-test77/decode.c:45:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
decode_filename = safemalloc(strlen(s) + 2);
data/trn4-4.0-test77/decode.c:77:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(filename);
data/trn4-4.0-test77/decode.c:141:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = s + strlen(s);
data/trn4-4.0-test77/decode.c:175:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = filename + strlen(filename) + 1;
data/trn4-4.0-test77/decode.c:273:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf+strlen(buf), "of %d ", total);
data/trn4-4.0-test77/decode.c:437:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = dir + strlen(dir);
data/trn4-4.0-test77/decode.c:454:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = dir + strlen(dir) - 1;
data/trn4-4.0-test77/env.c:151:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = buf + strlen(buf); /* in the middle of the night */
data/trn4-4.0-test77/env.c:172:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = '\0';
data/trn4-4.0-test77/env.c:212:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpbuf[strlen(tmpbuf)-1] = '\0'; /* wipe out newline */
data/trn4-4.0-test77/env.c:228:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmpbuf,".");
data/trn4-4.0-test77/env.c:232:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
phostname = tmpbuf + strlen(tmpbuf) - 1;
data/trn4-4.0-test77/env.c:251:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmpbuf, ".");
data/trn4-4.0-test77/env.c:293:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int namlen = strlen(nam);
data/trn4-4.0-test77/env.c:319:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
environ[i] = safemalloc((MEM_SIZE)(namlen + strlen(val) + 2));
data/trn4-4.0-test77/filter.c:158:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* s = buf + strlen(buf) - 1;
data/trn4-4.0-test77/head.c:123:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* end = s + strlen(s);
data/trn4-4.0-test77/head.c:150:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = bp + strlen(bp);
data/trn4-4.0-test77/head.c:281:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int reflen = strlen(references) + 1;
data/trn4-4.0-test77/head.c:282:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
growstr(&references, &reflen, reflen + strlen(inreply) + 1);
data/trn4-4.0-test77/head.c:344:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(bp,"."); /*$$*/
data/trn4-4.0-test77/head.c:352:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(bp);
data/trn4-4.0-test77/head.c:362:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(bp);
data/trn4-4.0-test77/head.c:534:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_subj_line(ap, t, strlen(t));
data/trn4-4.0-test77/head.c:556:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = saferealloc(s, (MEM_SIZE)strlen(s)+1);
data/trn4-4.0-test77/inews.c:105:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
i = getc(stdin);
data/trn4-4.0-test77/inews.c:120:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cp);
data/trn4-4.0-test77/inews.c:203:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = headbuf + strlen(headbuf);
data/trn4-4.0-test77/inews.c:309:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = ser_line + strlen(ser_line) - 1;
data/trn4-4.0-test77/intrp.c:72:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tildenews, "~");
data/trn4-4.0-test77/intrp.c:99:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostname = phostname+strlen(phostname)-1;
data/trn4-4.0-test77/intrp.c:287:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/trn4-4.0-test77/intrp.c:382:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pattern += strlen(pattern);
data/trn4-4.0-test77/intrp.c:444:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(scrbuf);
data/trn4-4.0-test77/intrp.c:650:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = scrbuf+strlen(scrbuf)-1;
data/trn4-4.0-test77/intrp.c:696:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(refs_buf)+1;
data/trn4-4.0-test77/intrp.c:716:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = refs_buf? strlen(refs_buf) : 0;
data/trn4-4.0-test77/intrp.c:717:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(artid_buf) + (i? 1 : 0)
data/trn4-4.0-test77/intrp.c:769:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(phostname);
data/trn4-4.0-test77/intrp.c:868:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(tmpbuf)+strlen(s3)+1)*sizeof(char));
data/trn4-4.0-test77/intrp.c:868:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(tmpbuf)+strlen(s3)+1)*sizeof(char));
data/trn4-4.0-test77/intrp.c:933:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(s);
data/trn4-4.0-test77/intrp.c:949:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
decode_header(s, s, strlen(s));
data/trn4-4.0-test77/intrp.c:1049:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(orig_dest) > 79)
data/trn4-4.0-test77/kfile.c:80:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data = hashfetch(msgid_hash,buf,strlen(buf));
data/trn4-4.0-test77/kfile.c:138:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*(cp = buf + strlen(buf) - 1) == '\n')
data/trn4-4.0-test77/kfile.c:142:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(ngptr->rc->name);
data/trn4-4.0-test77/kfile.c:438:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(ngptr->rc->name);
data/trn4-4.0-test77/kfile.c:777:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(tmpfp);
data/trn4-4.0-test77/last.c:35:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = '\0';
data/trn4-4.0-test77/mempool.c:113:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/trn4-4.0-test77/mime.c:75:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linelen += strlen(s);
data/trn4-4.0-test77/mime.c:192:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (s? s - pat : strlen(pat));
data/trn4-4.0-test77/mime.c:211:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t += strlen(t);
data/trn4-4.0-test77/mime.c:216:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t += strlen(t);
data/trn4-4.0-test77/mime.c:231:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t += strlen(t);
data/trn4-4.0-test77/mime.c:408:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mp->boundary_len = (short)strlen(t);
data/trn4-4.0-test77/mime.c:503:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (pos = 0; ; pos += strlen(line+pos)) {
data/trn4-4.0-test77/mime.c:504:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = pos + (next_line? strlen(next_line) : 0) + LBUFLEN;
data/trn4-4.0-test77/mime.c:655:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t += strlen(t);
data/trn4-4.0-test77/mime.c:672:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int param_len = strlen(param);
data/trn4-4.0-test77/mime.c:676:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/trn4-4.0-test77/mime.c:786:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len, flen = strlen(fn);
data/trn4-4.0-test77/mime.c:790:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/trn4-4.0-test77/mime.c:1058:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return fgetc(fp);
data/trn4-4.0-test77/mime.c:1423:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t += strlen(t);
data/trn4-4.0-test77/mime.c:1621:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(attr);
data/trn4-4.0-test77/ndir.c:70:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dirp->dd_size = read(dirp->dd_fd, dirp->dd_buf,
data/trn4-4.0-test77/ndir.c:84:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dir.d_name, dp->od_name, ODIRSIZ);
data/trn4-4.0-test77/ndir.c:86:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir.d_namlen = strlen(dir.d_name);
data/trn4-4.0-test77/ng.c:294:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "+");
data/trn4-4.0-test77/ng.c:459:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
draw_mousebar(tc_COLS - (term_line == tc_LINES-1? strlen(buf)+5 : 0), 1);
data/trn4-4.0-test77/ng.c:463:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
term_col = strlen(buf) + 1;
data/trn4-4.0-test77/ng.c:1809:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(tmpbuf);
data/trn4-4.0-test77/ngdata.c:377:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(tmpbuf);
data/trn4-4.0-test77/ngstuff.c:292:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cmdstr);
data/trn4-4.0-test77/ngstuff.c:607:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cmdstr);
data/trn4-4.0-test77/ngstuff.c:732:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cmdstr);
data/trn4-4.0-test77/nntp.c:225:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(headbuf, 1, strlen(headbuf), artfp);
data/trn4-4.0-test77/nntp.c:260:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(s,"."); /*$$*/
data/trn4-4.0-test77/nntp.c:270:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/trn4-4.0-test77/nntp.c:272:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(s+len, "\n");
data/trn4-4.0-test77/nntpclient.c:222:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ser_line);
data/trn4-4.0-test77/nntpclient.c:284:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(nntplink.rd_fp);
data/trn4-4.0-test77/nntpinit.c:371:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sdn.sdn_objnamel = strlen("NNTP");
data/trn4-4.0-test77/nntplist.c:123:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(command+strlen(command)," %s",wildarg);
data/trn4-4.0-test77/opt.c:140:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int len = read(fd,filebuf,(int)filestat.st_size);
data/trn4-4.0-test77/opt.c:156:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/trn4-4.0-test77/opt.c:158:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/trn4-4.0-test77/opt.c:164:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/trn4-4.0-test77/opt.c:166:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/trn4-4.0-test77/opt.c:172:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/trn4-4.0-test77/opt.c:174:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/trn4-4.0-test77/opt.c:289:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sel_grp_dmode = safemalloc(strlen(s)+2);
data/trn4-4.0-test77/opt.c:322:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sel_art_dmode = safemalloc(strlen(s)+2);
data/trn4-4.0-test77/opt.c:637:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd_in,filebuf,(int)filestat.st_size);
data/trn4-4.0-test77/opt.c:999:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf+strlen(buf),",%s%s", user_htype[i].flags? nullstr : "!",
data/trn4-4.0-test77/opt.c:1013:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf+strlen(buf),",%s%s",
data/trn4-4.0-test77/opt.c:1068:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/trn4-4.0-test77/opt.c:1148:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = *cpp = safemalloc(strlen(btns)+1);
data/trn4-4.0-test77/opt.c:1182:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(cp);
data/trn4-4.0-test77/opt.c:1190:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(cp)+1;
data/trn4-4.0-test77/opt.c:1236:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufptr = safemalloc(strlen(val)+2+(quotes > ticks? ticks : quotes)
data/trn4-4.0-test77/popen.c:62:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp = s = safemalloc(strlen(command) + 3);
data/trn4-4.0-test77/rcln.c:166:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbuf = safemalloc((MEM_SIZE)(strlen(s)+(s - np->rcline)+MAX_DIGITS+2+1));
data/trn4-4.0-test77/rcln.c:296:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/trn4-4.0-test77/rcln.c:392:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(nums);
data/trn4-4.0-test77/rcln.c:473:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/trn4-4.0-test77/rcln.c:476:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (3+len <= (int)strlen(np->rcline+np->numoffset))
data/trn4-4.0-test77/rcln.c:498:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(numbuf) + (len != 0);
data/trn4-4.0-test77/rcstuff.c:322:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& *(s = buf + strlen(buf) - 1) == '\n') {
data/trn4-4.0-test77/rcstuff.c:617:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = '\0';
data/trn4-4.0-test77/rcstuff.c:991:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
np->numoffset = strlen(ngn) + 1;
data/trn4-4.0-test77/rcstuff.c:994:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(np->rcline + np->numoffset, " ");
data/trn4-4.0-test77/rcstuff.c:1230:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data = hashfetch(newsrc_hash, ngnam, strlen(ngnam));
data/trn4-4.0-test77/respond.c:100:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = buf + strlen(buf)-1;
data/trn4-4.0-test77/respond.c:295:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = (s+strlen(s));
data/trn4-4.0-test77/respond.c:1056:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
other_cnt -= strlen(word);
data/trn4-4.0-test77/rt-mt.c:210:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = strcpy(buf, datasrc->thread_dir) + strlen(datasrc->thread_dir);
data/trn4-4.0-test77/rt-mt.c:261:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_ptr += strlen(string_ptr) + 1;
data/trn4-4.0-test77/rt-mt.c:302:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string_ptr);
data/trn4-4.0-test77/rt-mt.c:546:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string_ptr) + 1;
data/trn4-4.0-test77/rt-mt.c:563:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(string_ptr);
data/trn4-4.0-test77/rt-ov.c:122:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = hdr + strlen(hdr);
data/trn4-4.0-test77/rt-ov.c:409:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_subj_line(article, fields[OV_SUBJ], strlen(fields[OV_SUBJ]));
data/trn4-4.0-test77/rt-ov.c:474:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = buf + strlen(buf);
data/trn4-4.0-test77/rt-page.c:290:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sel_max_per_page = strlen(sel_chars);
data/trn4-4.0-test77/rt-page.c:1255:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(buf+len);
data/trn4-4.0-test77/rt-page.c:1332:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(buf+len);
data/trn4-4.0-test77/rt-page.c:1431:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(gp->name)+2;
data/trn4-4.0-test77/rt-page.c:1456:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
display_group(gp->datasrc, gp->name, strlen(gp->name), max_len);
data/trn4-4.0-test77/rt-page.c:1907:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(options_ini[op].item+1);
data/trn4-4.0-test77/rt-process.c:89:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data = hashfetch(msgid_hash, msgid, strlen(msgid));
data/trn4-4.0-test77/rt-process.c:189:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data = hashfetch(msgid_hash, msgid, strlen(msgid));
data/trn4-4.0-test77/rt-process.c:270:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = references + strlen(references) - 1;
data/trn4-4.0-test77/rt-select.c:177:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(msg+strlen(msg), "%ld article%s selected.",
data/trn4-4.0-test77/rt-select.c:820:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
term_col = strlen(msg);
data/trn4-4.0-test77/rt-select.c:834:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
term_col = strlen(cp);
data/trn4-4.0-test77/rt-select.c:1135:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
term_col = strlen(msg);
data/trn4-4.0-test77/rt-select.c:1259:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
term_col = strlen(msg);
data/trn4-4.0-test77/rt-util.c:99:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(name)) == 0)
data/trn4-4.0-test77/rt-util.c:267:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(name)) == 0)
data/trn4-4.0-test77/rt-util.c:352:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/trn4-4.0-test77/rt-util.c:371:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(t = cmd_buf, ctime(&ap->date), size);
data/trn4-4.0-test77/rt-util.c:452:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/trn4-4.0-test77/rt-util.c:717:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(cp+=strlen(cp), "%s%s ", obj_type, PLURAL(num));
data/trn4-4.0-test77/rt-util.c:718:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(cp);
data/trn4-4.0-test77/rt-util.c:782:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cp, ".");
data/trn4-4.0-test77/rt-wumpus.c:232:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str = tree_buff + strlen(tree_buff);
data/trn4-4.0-test77/rt-wumpus.c:301:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(orig_line);
data/trn4-4.0-test77/rt-wumpus.c:327:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(line, " ");
data/trn4-4.0-test77/sadesc.c:101:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sa_subj_buf,s,250);
data/trn4-4.0-test77/sadesc.c:159:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(desc_buf," ");
data/trn4-4.0-test77/sathread.c:66:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data = hashfetch(sa_thread_hash,s,strlen(s));
data/trn4-4.0-test77/sathread.c:71:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data = hashfetch(sa_thread_hash,p,strlen(s));
data/trn4-4.0-test77/scmd.c:318:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lbuf,s_get_desc(ent,i,FALSE),LBUFLEN);
data/trn4-4.0-test77/scmd.c:379:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(search_text,s,LBUFLEN);
data/trn4-4.0-test77/score-easy.c:48:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(sc_e_newline,"?");
data/trn4-4.0-test77/score-easy.c:133:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = sc_e_newline+strlen(sc_e_newline); /* point at terminator */
data/trn4-4.0-test77/scorefile.c:230:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(lbuf);
data/trn4-4.0-test77/scorefile.c:264:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(head);
data/trn4-4.0-test77/scorefile.c:312:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(sf_file,"/");
data/trn4-4.0-test77/scorefile.c:362:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(lbuf,"/");
data/trn4-4.0-test77/scorefile.c:608:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = line + strlen(line) - 1;
data/trn4-4.0-test77/scorefile.c:792:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((s3 = STRSTR(str,s1)) != NULL && (!s2 || STRSTR(s3+strlen(s1),s2)))
data/trn4-4.0-test77/scorefile.c:900:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(lbuf);
data/trn4-4.0-test77/scorefile.c:971:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lbuf[strlen(lbuf)-1] = '\0';
data/trn4-4.0-test77/scorefile.c:985:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(lbuf+(strlen(lbuf)-1),"subject: %.900s",s);
data/trn4-4.0-test77/scoresave.c:108:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lbuf[strlen(lbuf)-1] = '\0'; /* strip \n */
data/trn4-4.0-test77/scoresave.c:284:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = lbuf + strlen(lbuf);
data/trn4-4.0-test77/scoresave.c:302:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = lbuf + strlen(lbuf);
data/trn4-4.0-test77/scoresave.c:319:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = lbuf + strlen(lbuf);
data/trn4-4.0-test77/strftime.c:211:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(putstr);
data/trn4-4.0-test77/strftime.c:218:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str, putstr, len);
data/trn4-4.0-test77/support/unipatch.c:45:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ln = (struct Ln*)malloc(sizeof(*ln)+strlen(cp));
data/trn4-4.0-test77/sw.c:38:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int len = read(initfd,*tcbufptr,(int)filestat.st_size);
data/trn4-4.0-test77/sw.c:203:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = export(tmpbuf,nullstr) - strlen(tmpbuf) - 1;
data/trn4-4.0-test77/term.c:271:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tc_CR = safemalloc((MEM_SIZE)strlen(tc_UP)+2);
data/trn4-4.0-test77/term.c:294:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
leftcost = strlen(tc_BC);
data/trn4-4.0-test77/term.c:295:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
upcost = strlen(tc_UP);
data/trn4-4.0-test77/term.c:409:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(lbuf) > 1)
data/trn4-4.0-test77/term.c:417:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(lbuf) > 1)
data/trn4-4.0-test77/term.c:425:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(lbuf) > 1)
data/trn4-4.0-test77/term.c:433:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(lbuf) > 1)
data/trn4-4.0-test77/term.c:476:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line[ch = strlen(line)-1] == '\n')
data/trn4-4.0-test77/term.c:561:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
register char* next = prefix + strlen(prefix);
data/trn4-4.0-test77/term.c:782:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = buf + strlen(buf);
data/trn4-4.0-test77/term.c:788:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/trn4-4.0-test77/term.c:1002:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(ttk_keys);
data/trn4-4.0-test77/term.c:1005:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr, ttk_keys, size); /* return the first bit */
data/trn4-4.0-test77/term.c:1021:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(0,addr,size);
data/trn4-4.0-test77/term.c:1038:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Howmany = read(devtty,circlebuf+nextin,1);
data/trn4-4.0-test77/term.c:1234:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(s)-1; i >= 0; i--)
data/trn4-4.0-test77/term.c:1455:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/trn4-4.0-test77/term.c:1459:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (prefix = prefixes; *prefix; prefix += strlen(prefix)) {
data/trn4-4.0-test77/term.c:1477:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(cp) + 1;
data/trn4-4.0-test77/term.c:1516:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = buf + strlen(buf);
data/trn4-4.0-test77/term.c:1521:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(prompt);
data/trn4-4.0-test77/term.c:1808:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmcost = strlen(str);
data/trn4-4.0-test77/term.c:2065:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nrd = read(wait_ttyfd,&lbuf,1);
data/trn4-4.0-test77/term.c:2168:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (progname[strlen(progname)-1] == 'x') {
data/trn4-4.0-test77/term.c:2232:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(s);
data/trn4-4.0-test77/term.c:2236:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(s);
data/trn4-4.0-test77/term.c:2296:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (strlen(s)) {
data/trn4-4.0-test77/term.c:2309:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(t, s, 5);
data/trn4-4.0-test77/term.c:2314:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/trn4-4.0-test77/term.c:2322:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s) + 1;
data/trn4-4.0-test77/term.c:2332:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/trn4-4.0-test77/term.c:2399:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/trn4-4.0-test77/term.c:2400:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/trn4-4.0-test77/term.c:2403:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(s);
data/trn4-4.0-test77/term.c:2444:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/trn4-4.0-test77/tkstuff.c:134:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
class = (char*)ckalloc((unsigned) (strlen(name) + 1));
data/trn4-4.0-test77/tkstuff.c:272:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(str)) > 1020) {
data/trn4-4.0-test77/tktree.c:132:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data = hashfetch(msgid_hash, argv[2], strlen(argv[2]));
data/trn4-4.0-test77/trn-artchk.c:79:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buff[strlen(buff)-1] = '\0';
data/trn4-4.0-test77/trn-artchk.c:107:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp2 = cp + strlen(cp);
data/trn4-4.0-test77/trn-artchk.c:111:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nglens[ngcnt] = strlen(cp);
data/trn4-4.0-test77/trn-artchk.c:133:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col = strlen(buff)-1;
data/trn4-4.0-test77/trn.c:574:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(buf+len);
data/trn4-4.0-test77/trn.c:873:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(msg+strlen(msg),
data/trn4-4.0-test77/trn.c:896:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(msg+strlen(msg),
data/trn4-4.0-test77/trn.c:930:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ngname_len = strlen(what);
data/trn4-4.0-test77/trn.c:947:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
growstr(&myngdir,&ngdirlen,strlen(ngnam)+1);
data/trn4-4.0-test77/univ.c:268:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data = hashfetch(univ_ng_hash,grpname,strlen(grpname));
data/trn4-4.0-test77/univ.c:351:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = lbuf+strlen(lbuf); p > lbuf && *p != '/'; p--) ;
data/trn4-4.0-test77/univ.c:387:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data = hashfetch(univ_vg_hash,grpname,strlen(grpname));
data/trn4-4.0-test77/univ.c:713:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = line + strlen(line)-1;
data/trn4-4.0-test77/univ.c:765:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (univ_fname && strlen(univ_fname)+strlen(s) < 1020) {
data/trn4-4.0-test77/univ.c:765:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (univ_fname && strlen(univ_fname)+strlen(s) < 1020) {
data/trn4-4.0-test77/univ.c:768:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = lbuf+strlen(lbuf); p > lbuf && *p != '/'; p--) ;
data/trn4-4.0-test77/univ.c:783:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) < 1020) {
data/trn4-4.0-test77/url.c:64:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(sock, url_buf, strlen(url_buf)+1) < 0) {
data/trn4-4.0-test77/url.c:79:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((len = read(sock, url_buf, 1024)) < 0) {
data/trn4-4.0-test77/url.c:134:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(cmdline);
data/trn4-4.0-test77/util.c:140:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(fd, datasrc->auth_user, strlen(datasrc->auth_user));
data/trn4-4.0-test77/util.c:143:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(fd, datasrc->auth_pass, strlen(datasrc->auth_pass));
data/trn4-4.0-test77/util.c:150:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(nntpserver_export);
data/trn4-4.0-test77/util.c:152:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len + (int)strlen(buf) < 511)
data/trn4-4.0-test77/util.c:184:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = '\0';
data/trn4-4.0-test77/util.c:443:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp,buffer,buffer_length/2);
data/trn4-4.0-test77/util.c:448:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((nextch = getc(fp)) == EOF) {
data/trn4-4.0-test77/util.c:506:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tbptr += strlen(tbptr); /* make it, sort of */
data/trn4-4.0-test77/util.c:604:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
register int len = strlen(s2);
data/trn4-4.0-test77/util.c:715:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/trn4-4.0-test77/util.c:721:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/trn4-4.0-test77/util.c:725:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/trn4-4.0-test77/util.c:809:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("Read %d bytes from %s\n",strlen(cp),filename);
data/trn4-4.0-test77/util.c:938:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(cp) + 1;
data/trn4-4.0-test77/util.c:939:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(cp) + 1;
data/trn4-4.0-test77/util.c:942:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(cp) + 1;
data/trn4-4.0-test77/util.c:944:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(cp) + 1;
data/trn4-4.0-test77/util.c:984:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = s + strlen(s) + 1;
data/trn4-4.0-test77/util.c:1006:14: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int not, equal, upordown, num;
data/trn4-4.0-test77/util.c:1009:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = buf + strlen(buf);
data/trn4-4.0-test77/util.c:1021:9: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!((equal && !num) || (upordown * num < 0)) ^ not)
data/trn4-4.0-test77/util.c:1024:14: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
else if (equal) {
data/trn4-4.0-test77/util.c:1034:9: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return equal;
data/trn4-4.0-test77/util2.c:31:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
register char* newaddr = safemalloc((MEM_SIZE)(strlen(str)+1));
data/trn4-4.0-test77/util2.c:345:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* cp = buf + strlen(buf) - 1;
data/trn4-4.0-test77/util3.c:92:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(dotdir);
data/trn4-4.0-test77/uudecode.c:149:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (bp[0] == 'M' && strlen(bp) == UULENGTH))) {
data/trn4-4.0-test77/uudecode.c:230:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*buf != 'M' || strlen(buf) != line_length) {
data/trn4-4.0-test77/uudecode.c:238:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_length = strlen(buf);
data/trn4-4.0-test77/uudecode.c:242:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*buf == 'M' && strlen(buf) == line_length) {
data/trn4-4.0-test77/uudecode.c:246:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(buf) > line_length) {
data/trn4-4.0-test77/uudecode.c:305:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (c = strlen(line) - 1; c <= len; c++)
ANALYSIS SUMMARY:
Hits = 1308
Lines analyzed = 56011 in approximately 1.42 seconds (39444 lines/second)
Physical Source Lines of Code (SLOC) = 47620
Hits@level = [0] 732 [1] 316 [2] 589 [3] 44 [4] 353 [5] 6
Hits@level+ = [0+] 2040 [1+] 1308 [2+] 992 [3+] 403 [4+] 359 [5+] 6
Hits/KSLOC@level+ = [0+] 42.8391 [1+] 27.4675 [2+] 20.8316 [3+] 8.46283 [4+] 7.53885 [5+] 0.125997
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.