Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/uucpsend-1.1/log.c
Examining data/uucpsend-1.1/log.h
Examining data/uucpsend-1.1/paths.h
Examining data/uucpsend-1.1/uucpsend.c
FINAL RESULTS:
data/uucpsend-1.1/log.c:63:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(logfile, format, argp);
data/uucpsend-1.1/log.c:70:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, argp);
data/uucpsend-1.1/uucpsend.c:65:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s", what);
data/uucpsend-1.1/uucpsend.c:67:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s/LOCK.%s", _PATH_LOCKS, what);
data/uucpsend-1.1/uucpsend.c:93:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s", what);
data/uucpsend-1.1/uucpsend.c:95:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s/LOCK.%s", _PATH_LOCKS, what);
data/uucpsend-1.1/uucpsend.c:125:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(arg_sites, argv[optind++]);
data/uucpsend-1.1/uucpsend.c:126:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(arg_sites, "%s%c", arg_sites, DELIMITER);
data/uucpsend-1.1/uucpsend.c:190:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpsite->name, field);
data/uucpsend-1.1/uucpsend.c:224:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpsite->header, field);
data/uucpsend-1.1/uucpsend.c:238:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpsite->compressor, field);
data/uucpsend-1.1/uucpsend.c:246:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpsite->uuxargs, cp);
data/uucpsend-1.1/uucpsend.c:321:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpsite->name, name);
data/uucpsend-1.1/uucpsend.c:329:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpsite->header, site->header);
data/uucpsend-1.1/uucpsend.c:335:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpsite->compressor, site->compressor);
data/uucpsend-1.1/uucpsend.c:341:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpsite->uuxargs, site->uuxargs);
data/uucpsend-1.1/uucpsend.c:373:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempo2, "%s", cp2);
data/uucpsend-1.1/uucpsend.c:378:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keep, "%s%c%s", tempo1, DELIMITER, tempo2);
data/uucpsend-1.1/uucpsend.c:380:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keep, "%s", tempo1);
data/uucpsend-1.1/uucpsend.c:384:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keep, "%s", tempo2);
data/uucpsend-1.1/uucpsend.c:459:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s -P %s ", PATH_DF, PATH_UUSPOOL);
data/uucpsend-1.1/uucpsend.c:460:14: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
pcmd = popen(cmd, "r");
data/uucpsend-1.1/uucpsend.c:476:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(batchfile, "%s/%s.uucp", _PATH_BATCHDIR, site->name);
data/uucpsend-1.1/uucpsend.c:477:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(batchtmp, "%s/%s.work", _PATH_BATCHDIR, site->name);
data/uucpsend-1.1/uucpsend.c:479:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s %s >> %s; %s -f %s", PATH_CAT, batchtmp, batchfile, PATH_RM, batchtmp);
data/uucpsend-1.1/uucpsend.c:480:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(cmd);
data/uucpsend-1.1/uucpsend.c:482:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s -s -t30 flush %s", PATH_CTLINND, site->name);
data/uucpsend-1.1/uucpsend.c:483:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((ret = system (cmd))) {
data/uucpsend-1.1/uucpsend.c:486:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s -f %s", PATH_RM, batchfile);
data/uucpsend-1.1/uucpsend.c:487:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(cmd);
data/uucpsend-1.1/uucpsend.c:493:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s %s/%s %s; %s -s -t30 flush %s", PATH_MV, _PATH_BATCHDIR, site->name, batchtmp, PATH_CTLINND, site->name);
data/uucpsend-1.1/uucpsend.c:494:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(cmd);
data/uucpsend-1.1/uucpsend.c:496:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s %s >> %s", PATH_CAT, batchfile, batchtmp);
data/uucpsend-1.1/uucpsend.c:497:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(cmd);
data/uucpsend-1.1/uucpsend.c:499:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s %s | %s > %s; %s -f %s", PATH_CAT, batchtmp, PATH_SORT, batchfile, PATH_RM, batchtmp);
data/uucpsend-1.1/uucpsend.c:500:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(cmd);
data/uucpsend-1.1/uucpsend.c:504:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s -f %s", PATH_RM, batchfile);
data/uucpsend-1.1/uucpsend.c:505:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(cmd);
data/uucpsend-1.1/uucpsend.c:529:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s -s %s/%s ", PATH_DU, PATH_UUSPOOL, site->name);
data/uucpsend-1.1/uucpsend.c:530:14: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
pcmd = popen(cmd, "r");
data/uucpsend-1.1/uucpsend.c:547:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(uuxcmd, "( echo \\\"#! %s\\\" ; %s ) | %s %s %s %s!rnews",
data/uucpsend-1.1/uucpsend.c:556:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s/batcher -B%d -b%d -p \"%s\" %s %s",
data/uucpsend-1.1/uucpsend.c:558:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(cmd);
data/uucpsend-1.1/uucpsend.c:561:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s -f %s;", PATH_RM, batchfile);
data/uucpsend-1.1/uucpsend.c:562:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(cmd);
data/uucpsend-1.1/uucpsend.c:590:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%s/%s", _PATH_MOST_LOGS, "uucpsend.log");
data/uucpsend-1.1/uucpsend.c:603:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%s-%s", arg_ctlfile, arg_ctlappendix);
data/uucpsend-1.1/uucpsend.c:111:26: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (EOF != (argch = getopt(argc, argv, "f:c:"))) {
data/uucpsend-1.1/log.c:35:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfile = fopen(name,"a");
data/uucpsend-1.1/uucpsend.c:51:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg_ctlfile[255] = PATH_UUCPCTL;
data/uucpsend-1.1/uucpsend.c:52:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg_ctlappendix[255] = "";
data/uucpsend-1.1/uucpsend.c:53:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg_sites[1024] = "";
data/uucpsend-1.1/uucpsend.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255];
data/uucpsend-1.1/uucpsend.c:74:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(lock = fopen(path, "w"))) {
data/uucpsend-1.1/uucpsend.c:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255];
data/uucpsend-1.1/uucpsend.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[LINELENGTH], field[LINELENGTH];
data/uucpsend-1.1/uucpsend.c:147:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ctlfile = fopen(fname, "r")) == NULL) {
data/uucpsend-1.1/uucpsend.c:200:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmpsite->maxsize = atoi(field);
data/uucpsend-1.1/uucpsend.c:210:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmpsite->queuesize = atoi(field);
data/uucpsend-1.1/uucpsend.c:351:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempo1[1024], tempo2[1024];
data/uucpsend-1.1/uucpsend.c:400:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char site[20];
data/uucpsend-1.1/uucpsend.c:441:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char batchfile[255];
data/uucpsend-1.1/uucpsend.c:442:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char batchtmp[255];
data/uucpsend-1.1/uucpsend.c:443:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/uucpsend-1.1/uucpsend.c:444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuxcmd[1024];
data/uucpsend-1.1/uucpsend.c:445:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/uucpsend-1.1/uucpsend.c:584:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[255];
data/uucpsend-1.1/uucpsend.c:116:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (arg_ctlfile, optarg, sizeof (arg_ctlfile));
data/uucpsend-1.1/uucpsend.c:119:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (arg_ctlappendix, optarg, sizeof (arg_ctlappendix));
data/uucpsend-1.1/uucpsend.c:128:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arg_sites[strlen(arg_sites)-1] = '\0';
data/uucpsend-1.1/uucpsend.c:156:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line[strlen(line)-1] == '\n')
data/uucpsend-1.1/uucpsend.c:157:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)-1] = '\0';
data/uucpsend-1.1/uucpsend.c:164:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (cp2 = line + strlen(line)-1; cp2 >= line && (*cp2 == ' ' || *cp2 == '\t'); cp2--)
data/uucpsend-1.1/uucpsend.c:169:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(line))
data/uucpsend-1.1/uucpsend.c:184:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(field, cp, (int)cp2 - (int)cp);
data/uucpsend-1.1/uucpsend.c:186:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tmpsite->name = (char *)malloc(strlen(field)+1)) == NULL) {
data/uucpsend-1.1/uucpsend.c:191:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(field) +1;
data/uucpsend-1.1/uucpsend.c:198:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(field, cp, (int)cp2 - (int)cp);
data/uucpsend-1.1/uucpsend.c:201:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(field) +1;
data/uucpsend-1.1/uucpsend.c:208:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(field, cp, (int)cp2 - (int)cp);
data/uucpsend-1.1/uucpsend.c:211:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(field) +1;
data/uucpsend-1.1/uucpsend.c:218:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(field, cp, (int)cp2 - (int)cp);
data/uucpsend-1.1/uucpsend.c:220:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tmpsite->header = (char *)malloc(strlen(field)+1)) == NULL) {
data/uucpsend-1.1/uucpsend.c:225:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(field) +1;
data/uucpsend-1.1/uucpsend.c:232:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(field, cp, (int)cp2 - (int)cp);
data/uucpsend-1.1/uucpsend.c:234:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tmpsite->compressor = (char *)malloc(strlen(field)+1)) == NULL) {
data/uucpsend-1.1/uucpsend.c:239:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(field) +1;
data/uucpsend-1.1/uucpsend.c:242:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tmpsite->uuxargs = (char *)malloc(strlen(cp)+1)) == NULL) {
data/uucpsend-1.1/uucpsend.c:317:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tmpsite->name = (char *)malloc(strlen(name)+1)) == NULL) {
data/uucpsend-1.1/uucpsend.c:325:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tmpsite->header = (char *)malloc(strlen(site->header)+1)) == NULL) {
data/uucpsend-1.1/uucpsend.c:331:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tmpsite->compressor = (char *)malloc(strlen(site->compressor)+1)) == NULL) {
data/uucpsend-1.1/uucpsend.c:337:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tmpsite->uuxargs = (char *)malloc(strlen(site->uuxargs)+1)) == NULL) {
data/uucpsend-1.1/uucpsend.c:363:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tempo1, keep, (int)cp2 - (int)cp1);
data/uucpsend-1.1/uucpsend.c:368:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tempo1[strlen(tempo1)-1] == DELIMITER) tempo1[strlen(tempo1)-1] = '\0';
data/uucpsend-1.1/uucpsend.c:368:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tempo1[strlen(tempo1)-1] == DELIMITER) tempo1[strlen(tempo1)-1] = '\0';
data/uucpsend-1.1/uucpsend.c:371:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp2 += strlen(site);
data/uucpsend-1.1/uucpsend.c:376:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tempo1) > 0) {
data/uucpsend-1.1/uucpsend.c:377:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tempo2) > 0)
data/uucpsend-1.1/uucpsend.c:383:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tempo2) > 0)
data/uucpsend-1.1/uucpsend.c:417:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(keep) > 0) {
data/uucpsend-1.1/uucpsend.c:420:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(site, keep, (int)cp - (int)cp2);
data/uucpsend-1.1/uucpsend.c:598:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg_ctlappendix) > 0) {
data/uucpsend-1.1/uucpsend.c:599:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg_sites) == 0) {
data/uucpsend-1.1/uucpsend.c:608:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg_sites) > 0) {
ANALYSIS SUMMARY:
Hits = 104
Lines analyzed = 784 in approximately 0.04 seconds (21350 lines/second)
Physical Source Lines of Code (SLOC) = 521
Hits@level = [0] 23 [1] 37 [2] 19 [3] 1 [4] 47 [5] 0
Hits@level+ = [0+] 127 [1+] 104 [2+] 67 [3+] 48 [4+] 47 [5+] 0
Hits/KSLOC@level+ = [0+] 243.762 [1+] 199.616 [2+] 128.599 [3+] 92.1305 [4+] 90.2111 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.