The following issues were found
database/engine/journalfile.c
8 issues
Line: 97
Column: 12
CWE codes:
134
Suggestion:
Use a constant for the format specification
void generate_journalfilepath(struct rrdengine_datafile *datafile, char *str, size_t maxlen)
{
(void) snprintf(str, maxlen, "%s/" WALFILE_PREFIX RRDENG_FILE_NUMBER_PRINT_TMPL WALFILE_EXTENSION,
datafile->ctx->dbfiles_path, datafile->tier, datafile->fileno);
}
void journalfile_init(struct rrdengine_journalfile *journalfile, struct rrdengine_datafile *datafile)
{
Reported by FlawFinder.
Line: 113
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rrdengine_instance *ctx = datafile->ctx;
uv_fs_t req;
int ret;
char path[RRDENG_PATH_MAX];
generate_journalfilepath(datafile, path, sizeof(path));
ret = uv_fs_close(NULL, &req, journalfile->file, NULL);
if (ret < 0) {
Reported by FlawFinder.
Line: 134
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rrdengine_instance *ctx = datafile->ctx;
uv_fs_t req;
int ret;
char path[RRDENG_PATH_MAX];
generate_journalfilepath(datafile, path, sizeof(path));
ret = uv_fs_unlink(NULL, &req, path, NULL);
if (ret < 0) {
Reported by FlawFinder.
Line: 156
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rrdengine_instance *ctx = datafile->ctx;
uv_fs_t req;
int ret;
char path[RRDENG_PATH_MAX];
generate_journalfilepath(datafile, path, sizeof(path));
ret = uv_fs_ftruncate(NULL, &req, journalfile->file, 0, NULL);
if (ret < 0) {
Reported by FlawFinder.
Line: 197
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret, fd;
struct rrdeng_jf_sb *superblock;
uv_buf_t iov;
char path[RRDENG_PATH_MAX];
generate_journalfilepath(datafile, path, sizeof(path));
fd = open_file_direct_io(path, O_CREAT | O_RDWR | O_TRUNC, &file);
if (fd < 0) {
++ctx->stats.fs_errors;
Reported by FlawFinder.
Line: 467
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uv_file file;
int ret, fd, error;
uint64_t file_size, max_id;
char path[RRDENG_PATH_MAX];
generate_journalfilepath(datafile, path, sizeof(path));
fd = open_file_direct_io(path, O_RDWR, &file);
if (fd < 0) {
++ctx->stats.fs_errors;
Reported by FlawFinder.
Line: 213
Column: 12
CWE codes:
120
if (unlikely(ret)) {
fatal("posix_memalign:%s", strerror(ret));
}
(void) strncpy(superblock->magic_number, RRDENG_JF_MAGIC, RRDENG_MAGIC_SZ);
(void) strncpy(superblock->version, RRDENG_JF_VER, RRDENG_VER_SZ);
iov = uv_buf_init((void *)superblock, sizeof(*superblock));
ret = uv_fs_write(NULL, &req, file, &iov, 1, 0, NULL);
Reported by FlawFinder.
Line: 214
Column: 12
CWE codes:
120
fatal("posix_memalign:%s", strerror(ret));
}
(void) strncpy(superblock->magic_number, RRDENG_JF_MAGIC, RRDENG_MAGIC_SZ);
(void) strncpy(superblock->version, RRDENG_JF_VER, RRDENG_VER_SZ);
iov = uv_buf_init((void *)superblock, sizeof(*superblock));
ret = uv_fs_write(NULL, &req, file, &iov, 1, 0, NULL);
if (ret < 0) {
Reported by FlawFinder.
database/engine/rrdenginelib.c
8 issues
Line: 10
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void print_page_cache_descr(struct rrdeng_page_descr *descr)
{
struct page_cache_descr *pg_cache_descr = descr->pg_cache_descr;
char uuid_str[UUID_STR_LEN];
char str[BUFSIZE + 1];
int pos = 0;
uuid_unparse_lower(*descr->id, uuid_str);
pos += snprintfz(str, BUFSIZE - pos, "page(%p) id=%s\n"
Reported by FlawFinder.
Line: 11
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct page_cache_descr *pg_cache_descr = descr->pg_cache_descr;
char uuid_str[UUID_STR_LEN];
char str[BUFSIZE + 1];
int pos = 0;
uuid_unparse_lower(*descr->id, uuid_str);
pos += snprintfz(str, BUFSIZE - pos, "page(%p) id=%s\n"
"--->len:%"PRIu32" time:%"PRIu64"->%"PRIu64" xt_offset:",
Reported by FlawFinder.
Line: 33
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void print_page_descr(struct rrdeng_page_descr *descr)
{
char uuid_str[UUID_STR_LEN];
char str[BUFSIZE + 1];
int pos = 0;
uuid_unparse_lower(*descr->id, uuid_str);
pos += snprintfz(str, BUFSIZE - pos, "id=%s\n"
Reported by FlawFinder.
Line: 34
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void print_page_descr(struct rrdeng_page_descr *descr)
{
char uuid_str[UUID_STR_LEN];
char str[BUFSIZE + 1];
int pos = 0;
uuid_unparse_lower(*descr->id, uuid_str);
pos += snprintfz(str, BUFSIZE - pos, "id=%s\n"
"--->len:%"PRIu32" time:%"PRIu64"->%"PRIu64" xt_offset:",
Reported by FlawFinder.
Line: 215
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int is_legacy_child(const char *machine_guid)
{
uuid_t uuid;
char dbengine_file[FILENAME_MAX+1];
if (unlikely(!strcmp(machine_guid, "unittest-dbengine") || !strcmp(machine_guid, "dbengine-dataset") ||
!strcmp(machine_guid, "dbengine-stress-test"))) {
return 1;
}
Reported by FlawFinder.
Line: 259
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int compute_multidb_diskspace()
{
char multidb_disk_space_file[FILENAME_MAX + 1];
FILE *fp;
int computed_multidb_disk_quota_mb = -1;
snprintfz(multidb_disk_space_file, FILENAME_MAX, "%s/dbengine_multihost_size", netdata_configured_varlib_dir);
fp = fopen(multidb_disk_space_file, "r");
Reported by FlawFinder.
Line: 264
Column: 10
CWE codes:
362
int computed_multidb_disk_quota_mb = -1;
snprintfz(multidb_disk_space_file, FILENAME_MAX, "%s/dbengine_multihost_size", netdata_configured_varlib_dir);
fp = fopen(multidb_disk_space_file, "r");
if (likely(fp)) {
int rc = fscanf(fp, "%d", &computed_multidb_disk_quota_mb);
fclose(fp);
if (unlikely(rc != 1 || computed_multidb_disk_quota_mb < RRDENG_MIN_DISK_SPACE_MB)) {
errno = 0;
Reported by FlawFinder.
Line: 281
Column: 18
CWE codes:
362
computed_multidb_disk_quota_mb = (rc + 1) * default_rrdeng_disk_quota_mb;
info("Found %d legacy dbengines, setting multidb diskspace to %dMB", rc, computed_multidb_disk_quota_mb);
fp = fopen(multidb_disk_space_file, "w");
if (likely(fp)) {
fprintf(fp, "%d", computed_multidb_disk_quota_mb);
info("Created file '%s' to store the computed value", multidb_disk_space_file);
fclose(fp);
} else
Reported by FlawFinder.
registry/registry_db.c
8 issues
Line: 115
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
error_log_limit_unlimited();
char tmp_filename[FILENAME_MAX + 1];
char old_filename[FILENAME_MAX + 1];
snprintfz(old_filename, FILENAME_MAX, "%s.old", registry.db_filename);
snprintfz(tmp_filename, FILENAME_MAX, "%s.tmp", registry.db_filename);
Reported by FlawFinder.
Line: 116
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
error_log_limit_unlimited();
char tmp_filename[FILENAME_MAX + 1];
char old_filename[FILENAME_MAX + 1];
snprintfz(old_filename, FILENAME_MAX, "%s.old", registry.db_filename);
snprintfz(tmp_filename, FILENAME_MAX, "%s.tmp", registry.db_filename);
debug(D_REGISTRY, "Registry: Creating file '%s'", tmp_filename);
Reported by FlawFinder.
Line: 122
Column: 16
CWE codes:
362
snprintfz(tmp_filename, FILENAME_MAX, "%s.tmp", registry.db_filename);
debug(D_REGISTRY, "Registry: Creating file '%s'", tmp_filename);
FILE *fp = fopen(tmp_filename, "w");
if(!fp) {
error("Registry: Cannot create file: %s", tmp_filename);
error_log_limit_reset();
return -1;
}
Reported by FlawFinder.
Line: 214
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// LOAD THE REGISTRY DATABASE
size_t registry_db_load(void) {
char *s, buf[4096 + 1];
REGISTRY_PERSON *p = NULL;
REGISTRY_MACHINE *m = NULL;
REGISTRY_URL *u = NULL;
size_t line = 0;
Reported by FlawFinder.
Line: 221
Column: 16
CWE codes:
362
size_t line = 0;
debug(D_REGISTRY, "Registry: loading active db from: '%s'", registry.db_filename);
FILE *fp = fopen(registry.db_filename, "r");
if(!fp) {
error("Registry: cannot open registry file: '%s'", registry.db_filename);
return 0;
}
Reported by FlawFinder.
Line: 301
Column: 43
CWE codes:
126
*url++ = '\0';
// u = registry_url_allocate_nolock(url, strlen(url));
u = registry_url_get(url, strlen(url));
time_t first_t = strtoul(&s[2], NULL, 16);
m = registry_machine_find(&s[32]);
if(!m) m = registry_machine_allocate(&s[32], first_t);
Reported by FlawFinder.
Line: 308
Column: 89
CWE codes:
126
m = registry_machine_find(&s[32]);
if(!m) m = registry_machine_allocate(&s[32], first_t);
REGISTRY_PERSON_URL *pu = registry_person_url_allocate(p, m, u, &s[69], strlen(&s[69]), first_t);
pu->last_t = (uint32_t)strtoul(&s[11], NULL, 16);
pu->usages = (uint32_t)strtoul(&s[20], NULL, 16);
pu->flags = (uint8_t)strtoul(&s[29], NULL, 16);
debug(D_REGISTRY, "Registry loaded person URL '%s' with name '%s' of machine '%s', first: %u, last: %u, usages: %u, flags: %02x", u->url, pu->machine_name, m->guid, pu->first_t, pu->last_t, pu->usages, pu->flags);
break;
Reported by FlawFinder.
Line: 329
Column: 46
CWE codes:
126
s[1] = s[10] = s[19] = s[28] = s[31] = '\0';
// u = registry_url_allocate_nolock(&s[32], strlen(&s[32]));
u = registry_url_get(&s[32], strlen(&s[32]));
REGISTRY_MACHINE_URL *mu = registry_machine_url_allocate(m, u, strtoul(&s[2], NULL, 16));
mu->last_t = (uint32_t)strtoul(&s[11], NULL, 16);
mu->usages = (uint32_t)strtoul(&s[20], NULL, 16);
mu->flags = (uint8_t)strtoul(&s[29], NULL, 16);
Reported by FlawFinder.
collectors/python.d.plugin/memcached/memcached.chart.py
8 issues
Line: 6
Column: 1
# Author: Pawel Krupa (paulfantom)
# SPDX-License-Identifier: GPL-3.0-or-later
from bases.FrameworkServices.SocketService import SocketService
ORDER = [
'cache',
'net',
'connections',
Reported by Pylint.
Line: 1
Column: 1
# -*- coding: utf-8 -*-
# Description: memcached netdata python.d module
# Author: Pawel Krupa (paulfantom)
# SPDX-License-Identifier: GPL-3.0-or-later
from bases.FrameworkServices.SocketService import SocketService
ORDER = [
'cache',
Reported by Pylint.
Line: 41
Column: 1
]
},
'connections': {
'options': [None, 'Connections', 'connections/s', 'connections', 'memcached.connections', 'line'],
'lines': [
['curr_connections', 'current', 'incremental'],
['rejected_connections', 'rejected', 'incremental'],
['total_connections', 'total', 'incremental']
]
Reported by Pylint.
Line: 97
Column: 1
]
},
'increment': {
'options': [None, 'Requests', 'requests', 'increment ops', 'memcached.increment', 'stacked'],
'lines': [
['incr_hits', 'hits', 'percent-of-absolute-row'],
['incr_misses', 'misses', 'percent-of-absolute-row']
]
},
Reported by Pylint.
Line: 104
Column: 1
]
},
'decrement': {
'options': [None, 'Requests', 'requests', 'decrement ops', 'memcached.decrement', 'stacked'],
'lines': [
['decr_hits', 'hits', 'percent-of-absolute-row'],
['decr_misses', 'misses', 'percent-of-absolute-row']
]
},
Reported by Pylint.
Line: 126
Column: 1
}
class Service(SocketService):
def __init__(self, configuration=None, name=None):
SocketService.__init__(self, configuration=configuration, name=name)
self.order = ORDER
self.definitions = CHARTS
self.request = 'stats\r\n'
Reported by Pylint.
Line: 126
Column: 1
}
class Service(SocketService):
def __init__(self, configuration=None, name=None):
SocketService.__init__(self, configuration=configuration, name=name)
self.order = ORDER
self.definitions = CHARTS
self.request = 'stats\r\n'
Reported by Pylint.
Line: 162
Column: 21
for line in parsed:
if line.startswith('STAT'):
try:
t = line[5:].split(' ')
data[t[0]] = t[1]
except (IndexError, ValueError):
self.debug('invalid line received: ' + str(line))
if not data:
Reported by Pylint.
collectors/ebpf.plugin/ebpf_swap.c
7 issues
Line: 6
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "ebpf.h"
#include "ebpf_swap.h"
static char *swap_dimension_name[NETDATA_SWAP_END] = { "read", "write" };
static netdata_syscall_stat_t swap_aggregated_data[NETDATA_SWAP_END];
static netdata_publish_syscall_t swap_publish_aggregated[NETDATA_SWAP_END];
static int read_thread_closed = 1;
netdata_publish_swap_t *swap_vector = NULL;
Reported by FlawFinder.
Line: 138
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
swap_pid[current_pid] = curr;
}
memcpy(curr, publish, sizeof(netdata_publish_swap_t));
}
/**
* Read APPS table
*
Reported by FlawFinder.
Line: 259
Column: 30
CWE codes:
120
20
netdata_publish_swap_t *w = swap_pid[pid];
if (w) {
local_write += w->write;
local_read += w->read;
}
root = root->next;
}
// These conditions were added, because we are using incremental algorithm
Reported by FlawFinder.
Line: 266
Column: 39
CWE codes:
120
20
// These conditions were added, because we are using incremental algorithm
swap->write = (local_write >= swap->write) ? local_write : swap->write;
swap->read = (local_read >= swap->read) ? local_read : swap->read;
}
/**
* Send data to Netdata calling auxiliar functions.
*
Reported by FlawFinder.
Line: 266
Column: 66
CWE codes:
120
20
// These conditions were added, because we are using incremental algorithm
swap->write = (local_write >= swap->write) ? local_write : swap->write;
swap->read = (local_read >= swap->read) ? local_read : swap->read;
}
/**
* Send data to Netdata calling auxiliar functions.
*
Reported by FlawFinder.
Line: 286
Column: 64
CWE codes:
120
20
write_begin_chart(NETDATA_APPS_FAMILY, NETDATA_MEM_SWAP_READ_CHART);
for (w = root; w; w = w->next) {
if (unlikely(w->exposed && w->processes)) {
write_chart_dimension(w->name, (long long) w->swap.read);
}
}
write_end_chart();
write_begin_chart(NETDATA_APPS_FAMILY, NETDATA_MEM_SWAP_WRITE_CHART);
Reported by FlawFinder.
aclk/legacy/aclk_query.c
7 issues
Line: 498
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
int bytes_to_cpy = NETDATA_WEB_RESPONSE_ZLIB_CHUNK_SIZE - w->response.zstream.avail_out;
buffer_need_bytes(z_buffer, bytes_to_cpy);
memcpy(&z_buffer->buffer[z_buffer->len], w->response.zbuffer, bytes_to_cpy);
z_buffer->len += bytes_to_cpy;
} while(z_ret != Z_STREAM_END);
// so that web_client_build_http_header
// puts correct content length into header
buffer_free(w->response.data);
Reported by FlawFinder.
Line: 523
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifdef NETDATA_WITH_ZLIB
if (w->response.zinitialized) {
buffer_need_bytes(local_buffer, w->response.data->len);
memcpy(&local_buffer->buffer[local_buffer->len], w->response.data->buffer, w->response.data->len);
local_buffer->len += w->response.data->len;
sent = sent - size + w->response.data->len;
} else {
#endif
buffer_strcat(local_buffer, w->response.data->buffer);
Reported by FlawFinder.
Line: 716
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
info("Starting %d query threads.", query_threads->count);
char thread_name[TASK_LEN_MAX];
query_threads->thread_list = callocz(query_threads->count, sizeof(struct aclk_query_thread));
for (int i = 0; i < query_threads->count; i++) {
query_threads->thread_list[i].idx = i; //thread needs to know its index for statistics
if(unlikely(snprintf(thread_name, TASK_LEN_MAX, "%s_%d", ACLK_QUERY_THREAD_NAME, i) < 0))
Reported by FlawFinder.
Line: 353
Column: 9
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
w->response.data = buffer_create(NETDATA_WEB_RESPONSE_INITIAL_SIZE);
w->response.header = buffer_create(NETDATA_WEB_RESPONSE_HEADER_SIZE);
w->response.header_output = buffer_create(NETDATA_WEB_RESPONSE_HEADER_SIZE);
strcpy(w->origin, "*"); // Simulate web_client_create_on_fd()
w->cookie1[0] = 0; // Simulate web_client_create_on_fd()
w->cookie2[0] = 0; // Simulate web_client_create_on_fd()
w->acl = 0x1f;
char *mysep = strchr(this_query->query, '?');
Reported by FlawFinder.
Line: 441
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
w->response.data = buffer_create(NETDATA_WEB_RESPONSE_INITIAL_SIZE);
w->response.header = buffer_create(NETDATA_WEB_RESPONSE_HEADER_SIZE);
w->response.header_output = buffer_create(NETDATA_WEB_RESPONSE_HEADER_SIZE);
strcpy(w->origin, "*"); // Simulate web_client_create_on_fd()
w->cookie1[0] = 0; // Simulate web_client_create_on_fd()
w->cookie2[0] = 0; // Simulate web_client_create_on_fd()
w->acl = 0x1f;
char *mysep = strchr(this_query->query, '?');
Reported by FlawFinder.
Line: 465
Column: 18
CWE codes:
126
#ifdef NETDATA_WITH_ZLIB
// check if gzip encoding can and should be used
if ((start = strstr(cloud_req->data, WEB_HDR_ACCEPT_ENC))) {
start += strlen(WEB_HDR_ACCEPT_ENC);
end = strstr(start, "\x0D\x0A");
start = strstr(start, "gzip");
if (start && start < end) {
w->response.zstream.zalloc = Z_NULL;
Reported by FlawFinder.
Line: 605
Column: 29
CWE codes:
126
debug(
D_ACLK, "Query #%ld (%s) size=%zu in queue %llu ms", query_count, this_query->topic,
this_query->query ? strlen(this_query->query) : 0, (now_realtime_usec() - this_query->created)/USEC_PER_MS);
switch (this_query->cmd) {
case ACLK_CMD_ONCONNECT:
ACLK_HOST_PTR_COMPULSORY("ACLK_CMD_ONCONNECT");
#if ACLK_VERSION_MIN < ACLK_V_CHILDRENSTATE
Reported by FlawFinder.
aclk/legacy/aclk_rx_msgs.c
7 issues
Line: 30
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline int aclk_v2_payload_get_query(struct aclk_cloud_req_v2 *cloud_req, struct aclk_request *req)
{
const char *start, *end, *ptr, *query_type;
char uuid_str[UUID_STR_LEN];
uuid_t uuid;
errno = 0;
if(STRNCMP_CONSTANT_PREFIX(cloud_req->data, ACLK_GET_REQ)) {
Reported by FlawFinder.
Line: 18
Column: 12
CWE codes:
126
char* ptr = strstr(payload, ACLK_V2_PAYLOAD_SEPARATOR);
if(!ptr)
return 1;
ptr += strlen(ACLK_V2_PAYLOAD_SEPARATOR);
*data = strdupz(ptr);
return 0;
}
#define ACLK_GET_REQ "GET "
Reported by FlawFinder.
Line: 26
Column: 75
CWE codes:
126
#define ACLK_GET_REQ "GET "
#define ACLK_CHILD_REQ "/host/"
#define ACLK_CLOUD_REQ_V2_PREFIX "/api/v1/"
#define STRNCMP_CONSTANT_PREFIX(str, const_pref) strncmp(str, const_pref, strlen(const_pref))
static inline int aclk_v2_payload_get_query(struct aclk_cloud_req_v2 *cloud_req, struct aclk_request *req)
{
const char *start, *end, *ptr, *query_type;
char uuid_str[UUID_STR_LEN];
uuid_t uuid;
Reported by FlawFinder.
Line: 39
Column: 37
CWE codes:
126
error("Only accepting GET HTTP requests from CLOUD");
return 1;
}
start = ptr = cloud_req->data + strlen(ACLK_GET_REQ);
if(!STRNCMP_CONSTANT_PREFIX(ptr, ACLK_CHILD_REQ)) {
ptr += strlen(ACLK_CHILD_REQ);
if(strlen(ptr) < UUID_STR_LEN) {
error("the child id in URL too short \"%s\"", start);
Reported by FlawFinder.
Line: 42
Column: 16
CWE codes:
126
start = ptr = cloud_req->data + strlen(ACLK_GET_REQ);
if(!STRNCMP_CONSTANT_PREFIX(ptr, ACLK_CHILD_REQ)) {
ptr += strlen(ACLK_CHILD_REQ);
if(strlen(ptr) < UUID_STR_LEN) {
error("the child id in URL too short \"%s\"", start);
return 1;
}
Reported by FlawFinder.
Line: 43
Column: 12
CWE codes:
126
if(!STRNCMP_CONSTANT_PREFIX(ptr, ACLK_CHILD_REQ)) {
ptr += strlen(ACLK_CHILD_REQ);
if(strlen(ptr) < UUID_STR_LEN) {
error("the child id in URL too short \"%s\"", start);
return 1;
}
strncpyz(uuid_str, ptr, UUID_STR_LEN - 1);
Reported by FlawFinder.
Line: 70
Column: 12
CWE codes:
126
error("Only accepting requests that start with \"%s\" from CLOUD.", ACLK_CLOUD_REQ_V2_PREFIX);
return 1;
}
ptr += strlen(ACLK_CLOUD_REQ_V2_PREFIX);
query_type = ptr;
if(!(end = strstr(ptr, " HTTP/1.1\x0D\x0A"))) {
errno = 0;
error("Doesn't look like HTTP GET request.");
Reported by FlawFinder.
cli/cli.c
7 issues
Line: 10
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static uv_write_t write_req;
static uv_shutdown_t shutdown_req;
static char command_string[MAX_COMMAND_LENGTH];
static unsigned command_string_size;
static char response_string[MAX_COMMAND_LENGTH];
static unsigned response_string_size;
Reported by FlawFinder.
Line: 13
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char command_string[MAX_COMMAND_LENGTH];
static unsigned command_string_size;
static char response_string[MAX_COMMAND_LENGTH];
static unsigned response_string_size;
static int exit_status;
struct command_context {
Reported by FlawFinder.
Line: 44
Column: 27
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
switch (*pos) {
case CMD_PREFIX_EXIT_CODE:
exit_status = atoi(++pos);
break;
case CMD_PREFIX_INFO:
stream = stdout;
break;
case CMD_PREFIX_ERROR:
Reported by FlawFinder.
Line: 82
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t to_copy;
to_copy = MIN(nread, MAX_COMMAND_LENGTH - 1 - response_string_size);
memcpy(response_string + response_string_size, buf->base, to_copy);
response_string_size += to_copy;
response_string[response_string_size] = '\0';
}
if (buf && buf->len) {
free(buf->base);
Reported by FlawFinder.
Line: 59
Column: 20
CWE codes:
126
}
if (stream) {
fprintf(stream, "%s\n", ++pos);
pos += strlen(pos);
stream = NULL;
}
}
}
Reported by FlawFinder.
Line: 150
Column: 27
CWE codes:
126
s = fgets(command_string, MAX_COMMAND_LENGTH, stdin);
}
(void)s; /* We don't need input to communicate with the server */
command_string_size = strlen(command_string);
write_req.data = &client_pipe;
write_buf.base = command_string;
write_buf.len = command_string_size;
ret = uv_write(&write_req, (uv_stream_t *)&client_pipe, &write_buf, 1, pipe_write_cb);
Reported by FlawFinder.
Line: 183
Column: 23
CWE codes:
126
for (i = 1 ; i < argc ; ++i) {
size_t to_copy;
to_copy = MIN(strlen(argv[i]), MAX_COMMAND_LENGTH - 1 - command_string_size);
strncpyz(command_string + command_string_size, argv[i], to_copy);
command_string_size += to_copy;
if (command_string_size < MAX_COMMAND_LENGTH - 1) {
command_string[command_string_size++] = ' ';
Reported by FlawFinder.
collectors/freebsd.plugin/freebsd_sysctl.c
7 issues
Line: 396
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i;
static struct cpu_chart {
char cpuid[MAX_INT_DIGITS + 4];
RRDSET *st;
RRDDIM *rd_user;
RRDDIM *rd_nice;
RRDDIM *rd_system;
RRDDIM *rd_interrupt;
Reported by FlawFinder.
Line: 466
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int *mib = NULL;
static int *pcpu_temperature = NULL;
static int old_number_of_cpus = 0;
char char_mib[MAX_INT_DIGITS + 21];
char char_rd[MAX_INT_DIGITS + 9];
if (unlikely(number_of_cpus != old_number_of_cpus)) {
pcpu_temperature = reallocz(pcpu_temperature, sizeof(int) * number_of_cpus);
mib = reallocz(mib, sizeof(int) * number_of_cpus * 4);
Reported by FlawFinder.
Line: 467
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int *pcpu_temperature = NULL;
static int old_number_of_cpus = 0;
char char_mib[MAX_INT_DIGITS + 21];
char char_rd[MAX_INT_DIGITS + 9];
if (unlikely(number_of_cpus != old_number_of_cpus)) {
pcpu_temperature = reallocz(pcpu_temperature, sizeof(int) * number_of_cpus);
mib = reallocz(mib, sizeof(int) * number_of_cpus * 4);
if (unlikely(number_of_cpus > old_number_of_cpus))
Reported by FlawFinder.
Line: 477
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < number_of_cpus; i++) {
if (unlikely(!(mib[i * 4])))
sprintf(char_mib, "dev.cpu.%d.temperature", i);
if (unlikely(getsysctl_simple(char_mib, &mib[i * 4], 4, &pcpu_temperature[i], sizeof(int)))) {
error("DISABLED: cpu.temperature chart");
error("DISABLED: dev.cpu.temperature module");
return 1;
}
Reported by FlawFinder.
Line: 516
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < number_of_cpus; i++) {
if (unlikely(!rd_pcpu_temperature[i])) {
sprintf(char_rd, "cpu%d.temp", i);
rd_pcpu_temperature[i] = rrddim_add(st, char_rd, NULL, 1, 1, RRD_ALGORITHM_ABSOLUTE);
}
rrddim_set_by_pointer(st, rd_pcpu_temperature[i], (collected_number) ((double)pcpu_temperature[i] / 10 - 273.15));
}
Reported by FlawFinder.
Line: 1677
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (likely(do_netisr_per_core)) {
static struct softnet_chart {
char netisr_cpuid[MAX_INT_DIGITS + 17];
RRDSET *st;
RRDDIM *rd_dispatched;
RRDDIM *rd_hybrid_dispatched;
RRDDIM *rd_qdrops;
RRDDIM *rd_queued;
Reported by FlawFinder.
Line: 684
Column: 46
CWE codes:
126
for (i = 0; i < nintr; i++) {
void *p;
p = intrnames + i * (strlen(intrnames) + 1);
if (unlikely((intrcnt[i] != 0) && (*(char *) p != 0))) {
RRDDIM *rd_interrupts = rrddim_find_active(st_interrupts, p);
if (unlikely(!rd_interrupts))
rd_interrupts = rrddim_add(st_interrupts, p, NULL, 1, 1, RRD_ALGORITHM_INCREMENTAL);
Reported by FlawFinder.
collectors/proc.plugin/proc_interrupts.c
7 issues
Line: 18
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct interrupt {
int used;
char *id;
char name[MAX_INTERRUPT_NAME + 1];
RRDDIM *rd;
unsigned long long total;
struct cpu_interrupt cpu[];
};
Reported by FlawFinder.
Line: 29
Column: 60
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define recordsize(cpus) (sizeof(struct interrupt) + ((cpus) * sizeof(struct cpu_interrupt)))
// given a base, get a pointer to each record
#define irrindex(base, line, cpus) ((struct interrupt *)&((char *)(base))[(line) * recordsize(cpus)])
static inline struct interrupt *get_interrupts_array(size_t lines, int cpus) {
static struct interrupt *irrs = NULL;
static size_t allocated = 0;
Reported by FlawFinder.
Line: 66
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
do_per_core = config_get_boolean_ondemand(CONFIG_SECTION_PLUGIN_PROC_INTERRUPTS, "interrupts per core", CONFIG_BOOLEAN_AUTO);
if(unlikely(!ff)) {
char filename[FILENAME_MAX + 1];
snprintfz(filename, FILENAME_MAX, "%s%s", netdata_configured_host_prefix, "/proc/interrupts");
ff = procfile_open(config_get(CONFIG_SECTION_PLUGIN_PROC_INTERRUPTS, "filename to monitor", filename), " \t", PROCFILE_FLAG_DEFAULT);
}
if(unlikely(!ff))
return 1;
Reported by FlawFinder.
Line: 209
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for(c = 0; c < cpus ;c++) {
if(unlikely(!core_st[c])) {
char id[50+1];
snprintfz(id, 50, "cpu%d_interrupts", c);
char title[100+1];
snprintfz(title, 100, "CPU%d Interrupts", c);
core_st[c] = rrdset_create_localhost(
Reported by FlawFinder.
Line: 212
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char id[50+1];
snprintfz(id, 50, "cpu%d_interrupts", c);
char title[100+1];
snprintfz(title, 100, "CPU%d Interrupts", c);
core_st[c] = rrdset_create_localhost(
"cpu"
, id
, NULL
Reported by FlawFinder.
Line: 116
Column: 24
CWE codes:
126
irr->id = procfile_lineword(ff, l, 0);
if(unlikely(!irr->id || !irr->id[0])) continue;
size_t idlen = strlen(irr->id);
if(irr->id[idlen - 1] == ':')
irr->id[--idlen] = '\0';
int c;
for(c = 0; c < cpus ;c++) {
Reported by FlawFinder.
Line: 132
Column: 27
CWE codes:
126
if(unlikely(isdigit(irr->id[0]) && (uint32_t)(cpus + 2) < words)) {
strncpyz(irr->name, procfile_lineword(ff, l, words - 1), MAX_INTERRUPT_NAME);
size_t nlen = strlen(irr->name);
if(likely(nlen + 1 + idlen <= MAX_INTERRUPT_NAME)) {
irr->name[nlen] = '_';
strncpyz(&irr->name[nlen + 1], irr->id, MAX_INTERRUPT_NAME - nlen - 1);
}
else {
Reported by FlawFinder.