COMMAND : rats -w 3 Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/intl/explodename.c Total lines analyzed: 137 Total time 0.000175 seconds 782857 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000018 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/intl/l10nflist.c /tmp/bogosec.temp_target.4OYGRp/src/intl/l10nflist.c:80: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/intl/l10nflist.c:108: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/intl/l10nflist.c:194: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/intl/l10nflist.c:196: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/intl/l10nflist.c:198: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/intl/l10nflist.c:200: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/intl/l10nflist.c:202: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/intl/l10nflist.c:203: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/intl/l10nflist.c:312: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/intl/l10nflist.c:212: Low: memcpy Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. Total lines analyzed: 384 Total time 0.000371 seconds 1035040 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/crypt/md5.c /tmp/bogosec.temp_target.4OYGRp/src/crypt/md5.c:147: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/crypt/md5.c:67: Low: fixed size global buffer Extra care should be taken to ensure that character arrays that are allocated with a static size are used safely. This appears to be a global allocation and is less dangerous than a similar one on the stack. Extra caution is still advised, however. /tmp/bogosec.temp_target.4OYGRp/src/crypt/md5.c:123: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/crypt/md5.c:228: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/crypt/md5.c:237: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/crypt/md5.c:259: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/crypt/md5.c:277: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/crypt/md5.c:283: Low: memcpy Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. Total lines analyzed: 459 Total time 0.000479 seconds 958246 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000017 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/nl_langinfo_l.c Total lines analyzed: 21 Total time 0.000068 seconds 308823 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/C-messages.c Total lines analyzed: 43 Total time 0.000109 seconds 394495 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/C-name.c Total lines analyzed: 45 Total time 0.000095 seconds 473684 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/nl_langinfo.c Total lines analyzed: 91 Total time 0.000139 seconds 654676 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/lc-time.c Total lines analyzed: 23 Total time 0.000078 seconds 294871 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/duplocale.c /tmp/bogosec.temp_target.4OYGRp/src/locale/duplocale.c:47: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. Total lines analyzed: 87 Total time 0.000175 seconds 497142 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/C-address.c Total lines analyzed: 51 Total time 0.000111 seconds 459459 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/C-time.c Total lines analyzed: 148 Total time 0.000246 seconds 601626 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/lc-identification.c Total lines analyzed: 23 Total time 0.000075 seconds 306666 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/lc-paper.c Total lines analyzed: 23 Total time 0.000078 seconds 294871 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000021 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/C_name.c Total lines analyzed: 12 Total time 0.000070 seconds 171428 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000018 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/lc-address.c Total lines analyzed: 23 Total time 0.000075 seconds 306666 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000020 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000019 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/C-collate.c Total lines analyzed: 150 Total time 0.000215 seconds 697674 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/C-numeric.c Total lines analyzed: 41 Total time 0.000104 seconds 394230 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/lc-messages.c Total lines analyzed: 23 Total time 0.000092 seconds 250000 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/localename.c Total lines analyzed: 28 Total time 0.000094 seconds 297872 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/freelocale.c Total lines analyzed: 56 Total time 0.000108 seconds 518518 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/C-telephone.c Total lines analyzed: 43 Total time 0.000112 seconds 383928 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/lc-ctype.c Total lines analyzed: 112 Total time 0.000207 seconds 541062 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/C-identification.c Total lines analyzed: 58 Total time 0.000129 seconds 449612 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/lc-collate.c Total lines analyzed: 25 Total time 0.000071 seconds 352112 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000016 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/lc-numeric.c Total lines analyzed: 23 Total time 0.000078 seconds 294871 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/xlocale.c Total lines analyzed: 56 Total time 0.000122 seconds 459016 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/coll-lookup.c Total lines analyzed: 82 Total time 0.000162 seconds 506172 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000018 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/findlocale.c /tmp/bogosec.temp_target.4OYGRp/src/locale/findlocale.c:81: High: getenv /tmp/bogosec.temp_target.4OYGRp/src/locale/findlocale.c:83: High: getenv /tmp/bogosec.temp_target.4OYGRp/src/locale/findlocale.c:85: High: getenv Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length. /tmp/bogosec.temp_target.4OYGRp/src/locale/findlocale.c:225: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/findlocale.c:228: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. Total lines analyzed: 294 Total time 0.000355 seconds 828169 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000023 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000017 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-measurement.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-measurement.c:146: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. Total lines analyzed: 256 Total time 0.000304 seconds 842105 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000018 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-messages.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-messages.c:133: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-messages.c:167: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-messages.c:203: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-messages.c:208: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-messages.c:213: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-messages.c:218: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-messages.c:223: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. Total lines analyzed: 349 Total time 0.000412 seconds 847087 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000017 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale-spec.c Total lines analyzed: 127 Total time 0.000184 seconds 690217 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:77: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:237: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:238: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:412: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:806: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:990: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:1164: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:1222: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:242: High: strcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:416: High: strcpy Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:1121: High: printf Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:463: Medium: random Standard random number generators should not be used to generate randomness used for security reasons. For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:489: Medium: read Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:77: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:236: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:411: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:588: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:589: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:606: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:659: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:957: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:1112: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:1164: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:1222: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:1320: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:241: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:415: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:617: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:718: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:837: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:854: Low: memcpy Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:115: Low: unlink /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:122: Low: unlink /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:131: Low: unlink /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:144: Low: unlink /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:158: Low: unlink /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:164: Low: unlink /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:301: Low: unlink /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:308: Low: unlink /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:317: Low: unlink /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:325: Low: unlink /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:382: Low: unlink /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:391: Low: unlink A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:138: Low: link A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:388: Low: rename A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:975: Low: fopen A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:1137: Low: opendir A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locarchive.c:1281: Low: basename A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. Total lines analyzed: 1523 Total time 0.001579 seconds 964534 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000018 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/xstrdup.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/xstrdup.c:36: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. Total lines analyzed: 38 Total time 0.000104 seconds 365384 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000158 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:38: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:39: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:52: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:53: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:54: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:537: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:542: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:547: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:552: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:557: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:562: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:579: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:584: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:589: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:594: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:599: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:604: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:112: Low: fopen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-address.c:193: Low: fopen A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. Total lines analyzed: 788 Total time 0.000834 seconds 944844 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/linereader.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/linereader.c:720: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/linereader.c:784: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/linereader.c:733: Low: snprintf /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/linereader.c:786: Low: snprintf Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/linereader.c:749: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/linereader.c:57: Low: fopen A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. Total lines analyzed: 893 Total time 0.000751 seconds 1189081 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:105: High: getenv Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:109: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:110: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:258: High: fprintf Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:72: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:74: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:108: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:866: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:877: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:943: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:988: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:112: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:903: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:949: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:1043: Low: memcpy Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap.c:202: Low: basename A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. Total lines analyzed: 1105 Total time 0.001080 seconds 1023148 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000017 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/simple-hash.c Total lines analyzed: 326 Total time 0.000311 seconds 1048231 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000017 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000021 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:54: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:57: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:60: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:63: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:66: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:88: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:236: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:553: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:562: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:571: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:580: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:589: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:594: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:599: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:604: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:609: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:617: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:623: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:629: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:638: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:644: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:650: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:881: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:887: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:900: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:240: Low: memcpy Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:726: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:736: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:746: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:756: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:766: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:772: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:779: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:786: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:793: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:800: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:807: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:818: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:825: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:832: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-time.c:893: Low: wcslen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. Total lines analyzed: 1220 Total time 0.001411 seconds 864635 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:139: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:162: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:361: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:520: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:536: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:633: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:904: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1254: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1753: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1832: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1957: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:2191: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:2557: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:3383: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:3398: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:3742: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:3756: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:3781: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:4369: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1876: High: sprintf Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1876: High: sprintf Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:4237: High: fprintf /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:4306: High: fprintf /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:4441: High: fprintf Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:522: Low: snprintf /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:538: Low: snprintf /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1755: Low: snprintf /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1959: Low: snprintf /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1963: Low: snprintf /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:2193: Low: snprintf Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:642: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:2135: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:2154: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:2807: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:4018: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:4042: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:4378: Low: memcpy Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:659: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:757: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1011: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1029: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1047: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1363: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1381: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1399: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1770: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1807: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1841: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1989: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:2108: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:2306: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:3841: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:4396: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1165: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1176: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1518: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:1529: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:2408: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:4530: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:4534: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:4558: Low: wcslen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-ctype.c:4567: Low: wcslen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. Total lines analyzed: 4594 Total time 0.004676 seconds 982463 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-paper.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-paper.c:150: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. Total lines analyzed: 258 Total time 0.000325 seconds 793846 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:196: High: gettext /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:198: High: gettext /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:211: High: gettext /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:227: High: gettext /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:278: High: gettext /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:283: High: gettext /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:503: High: gettext Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length. gettext() can utilize the LC_ALL or LC_MESSAGES environment variables. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:278: High: fprintf /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:283: High: fprintf Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:312: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:403: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:436: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:510: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:528: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:684: High: printf Check to be sure that the non-constant format string passed as argument 1 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:757: High: getenv /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:758: High: getenv /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:759: High: getenv /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:765: High: getenv /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:777: High: getenv Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:312: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:436: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:510: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:870: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:431: Low: scandir A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locale.c:513: Low: fopen A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. Total lines analyzed: 938 Total time 0.000852 seconds 1100938 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:61: High: gettext Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length. gettext() can utilize the LC_ALL or LC_MESSAGES environment variables. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:181: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:268: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:69: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:107: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:216: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:218: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:72: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:233: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:238: Low: memcpy Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:248: Low: fixed size global buffer Extra care should be taken to ensure that character arrays that are allocated with a static size are used safely. This appears to be a global allocation and is less dangerous than a similar one on the stack. Extra caution is still advised, however. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:279: Low: fgets /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:286: Low: fgets Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:58: Low: opendir A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:130: Low: stat A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. No matching uses were detected. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:171: Low: open A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/charmap-dir.c:229: Low: fopen A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. Total lines analyzed: 314 Total time 0.000489 seconds 642126 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:52: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:56: Low: fixed size global buffer Extra care should be taken to ensure that character arrays that are allocated with a static size are used safely. This appears to be a global allocation and is less dangerous than a similar one on the stack. Extra caution is still advised, however. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:207: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:212: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:217: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:222: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:227: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:232: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:237: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:242: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:247: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:252: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:257: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:262: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:267: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:272: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:282: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-identification.c:289: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. Total lines analyzed: 472 Total time 0.000565 seconds 835398 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:62: High: getenv Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:66: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:67: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:91: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:407: High: strcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:687: High: strcpy Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:578: High: sprintf Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:470: Medium: read Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:584: Medium: stat A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 586 (mkdir), 604 (unlink), 605 (creat), 615 (unlink), 616 (creat) /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:689: Medium: lstat A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 738 (link) /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:65: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:67: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:91: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:363: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:404: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:417: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:572: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:572: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:666: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:680: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:685: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:734: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:70: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:158: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:365: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:405: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:686: Low: memcpy Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:380: Low: lstat A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. No matching uses were detected. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:409: Low: lstat A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. No matching uses were detected. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:384: Low: opendir A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:495: Low: open /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:498: Low: open A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:740: Low: unlink A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/locfile.c:741: Low: rename A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. Total lines analyzed: 826 Total time 0.000821 seconds 1006090 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000016 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000016 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/xmalloc.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/xmalloc.c:40: Medium: realloc /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/xmalloc.c:112: Medium: realloc Don't use on memory intended to be secure, because the old structure will not be zeroed out. Total lines analyzed: 117 Total time 0.000137 seconds 854014 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000023 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-telephone.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-telephone.c:194: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-telephone.c:199: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-telephone.c:204: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-telephone.c:209: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-telephone.c:214: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. Total lines analyzed: 330 Total time 0.000387 seconds 852713 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:91: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:291: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:418: High: strcpy Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:282: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:415: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:445: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:450: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:455: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:460: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:470: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:475: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:520: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:555: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:560: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:677: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:292: Low: strncpy Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. Also, consider using strlcpy() instead, if it is avaialable to you. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-monetary.c:177: Low: fopen A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. Total lines analyzed: 1021 Total time 0.001161 seconds 879414 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/repertoire.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/repertoire.c:78: High: getenv Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/repertoire.c:82: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/repertoire.c:83: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/repertoire.c:81: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/repertoire.c:83: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/repertoire.c:108: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/repertoire.c:399: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/repertoire.c:413: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/repertoire.c:414: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/repertoire.c:86: Low: memcpy Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. Total lines analyzed: 525 Total time 0.000512 seconds 1025390 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/localedef.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/localedef.c:196: High: getenv Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/localedef.c:218: High: fprintf /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/localedef.c:410: High: fprintf /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/localedef.c:415: High: fprintf Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/localedef.c:389: High: gettext /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/localedef.c:394: High: gettext /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/localedef.c:410: High: gettext /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/localedef.c:415: High: gettext Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length. gettext() can utilize the LC_ALL or LC_MESSAGES environment variables. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/localedef.c:484: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/localedef.c:500: Low: mkdir A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected. Total lines analyzed: 669 Total time 0.000620 seconds 1079032 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:264: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:745: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:1118: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:1119: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:1311: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:1968: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:2787: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:3419: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:1358: High: sprintf /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:3077: High: sprintf Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:1358: High: sprintf /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:3077: High: sprintf Check to be sure that the format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle. Additionally, the format string could contain `%s' without precision that could result in a buffer overflow. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:350: Low: wcslen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:757: Low: snprintf /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:817: Low: snprintf /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:3629: Low: snprintf Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:853: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:864: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:1150: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:1164: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:1347: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:3217: Low: memcpy /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:3935: Low: memcpy Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:1193: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:1309: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:1310: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:2581: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:2680: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:3559: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-collate.c:3777: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. Total lines analyzed: 4151 Total time 0.003749 seconds 1107228 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-numeric.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-numeric.c:152: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-numeric.c:157: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-numeric.c:184: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. Total lines analyzed: 392 Total time 0.000518 seconds 756756 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-name.c /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-name.c:176: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-name.c:181: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-name.c:186: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-name.c:191: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-name.c:196: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-name.c:201: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/programs/ld-name.c:206: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. Total lines analyzed: 324 Total time 0.000370 seconds 875675 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000018 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000019 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/lc-telephone.c Total lines analyzed: 23 Total time 0.000069 seconds 333333 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000018 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/C-paper.c Total lines analyzed: 41 Total time 0.000098 seconds 418367 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/mb_cur_max.c Total lines analyzed: 34 Total time 0.000087 seconds 390804 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/loadlocale.c /tmp/bogosec.temp_target.4OYGRp/src/locale/loadlocale.c:196: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. Total lines analyzed: 309 Total time 0.000331 seconds 933534 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/C-monetary.c Total lines analyzed: 88 Total time 0.000153 seconds 575163 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/localeconv.c Total lines analyzed: 76 Total time 0.000174 seconds 436781 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/C-measurement.c Total lines analyzed: 40 Total time 0.000104 seconds 384615 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/SYS_libc.c Total lines analyzed: 8 Total time 0.000062 seconds 129032 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/lc-monetary.c Total lines analyzed: 23 Total time 0.000073 seconds 315068 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000017 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/broken_cur_max.c Total lines analyzed: 52 Total time 0.000112 seconds 464285 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/loadarchive.c /tmp/bogosec.temp_target.4OYGRp/src/locale/loadarchive.c:182: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/loadarchive.c:183: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/loadarchive.c:271: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/locale/loadarchive.c:185: Low: memcpy Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. Total lines analyzed: 543 Total time 0.000582 seconds 932989 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000017 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000018 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/global-locale.c Total lines analyzed: 76 Total time 0.000237 seconds 320675 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/lc-measurement.c Total lines analyzed: 23 Total time 0.000069 seconds 333333 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000018 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/C-ctype.c /tmp/bogosec.temp_target.4OYGRp/src/locale/C-ctype.c:33: Low: fixed size global buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/C-ctype.c:99: Low: fixed size global buffer Extra care should be taken to ensure that character arrays that are allocated with a static size are used safely. This appears to be a global allocation and is less dangerous than a similar one on the stack. Extra caution is still advised, however. Total lines analyzed: 688 Total time 0.000689 seconds 998548 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/setlocale.c /tmp/bogosec.temp_target.4OYGRp/src/locale/setlocale.c:240: High: getenv Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length. /tmp/bogosec.temp_target.4OYGRp/src/locale/setlocale.c:258: High: fixed size local buffer /tmp/bogosec.temp_target.4OYGRp/src/locale/setlocale.c:383: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/setlocale.c:132: Low: fixed size global buffer Extra care should be taken to ensure that character arrays that are allocated with a static size are used safely. This appears to be a global allocation and is less dangerous than a similar one on the stack. Extra caution is still advised, however. /tmp/bogosec.temp_target.4OYGRp/src/locale/setlocale.c:147: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. /tmp/bogosec.temp_target.4OYGRp/src/locale/setlocale.c:162: Low: memcpy Double check that your buffer is as big as you specify. When using functions that accept a number n of bytes to copy, such as strncpy, be aware that if the dest buffer size = n it may not NULL-terminate the string. Total lines analyzed: 509 Total time 0.000481 seconds 1058212 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000016 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/lc-name.c Total lines analyzed: 23 Total time 0.000076 seconds 302631 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000017 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000021 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/uselocale.c Total lines analyzed: 74 Total time 0.000136 seconds 544117 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/tst-C-locale.c Total lines analyzed: 499 Total time 0.000517 seconds 965183 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Analyzing /tmp/bogosec.temp_target.4OYGRp/src/locale/newlocale.c /tmp/bogosec.temp_target.4OYGRp/src/locale/newlocale.c:48: High: fixed size local buffer Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks. /tmp/bogosec.temp_target.4OYGRp/src/locale/newlocale.c:107: High: getenv Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length. /tmp/bogosec.temp_target.4OYGRp/src/locale/newlocale.c:190: Low: strlen /tmp/bogosec.temp_target.4OYGRp/src/locale/newlocale.c:194: Low: strlen This function does not properly handle non-NULL terminated strings. This does not result in exploitable code, but can lead to access violations. Total lines analyzed: 282 Total time 0.000331 seconds 851963 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000020 seconds 0 lines per second Entries in perl database: 33 Entries in python database: 62 Entries in c database: 336 Entries in php database: 55 Total lines analyzed: 0 Total time 0.000015 seconds 0 lines per second