Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/asterisk-16.15.0~dfsg/addons/chan_ooh323.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/context.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/decode.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/dlist.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/dlist.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/encode.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/eventHandler.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/eventHandler.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/h323/H235-SECURITY-MESSAGES.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/h323/H235-SECURITY-MESSAGESDec.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/h323/H235-SECURITY-MESSAGESEnc.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/h323/H323-MESSAGES.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/h323/H323-MESSAGES.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/h323/H323-MESSAGESDec.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/h323/H323-MESSAGESEnc.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/h323/MULTIMEDIA-SYSTEM-CONTROL.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/h323/MULTIMEDIA-SYSTEM-CONTROL.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/h323/MULTIMEDIA-SYSTEM-CONTROLDec.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/h323/MULTIMEDIA-SYSTEM-CONTROLEnc.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/memheap.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/memheap.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCommon.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooDateTime.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooDateTime.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooLogChan.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooLogChan.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooTimer.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooTimer.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooUtils.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooUtils.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooasn1.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/oochannels.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/oochannels.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh245.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh245.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/oohdr.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooper.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooports.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooports.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ootrace.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ootrace.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ootypes.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/perutil.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/printHandler.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/printHandler.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/rtctype.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323c/src/rtctype.h
Examining data/asterisk-16.15.0~dfsg/addons/ooh323cDriver.c
Examining data/asterisk-16.15.0~dfsg/addons/ooh323cDriver.h
Examining data/asterisk-16.15.0~dfsg/addons/mp3/common.c
Examining data/asterisk-16.15.0~dfsg/addons/mp3/dct64_i386.c
Examining data/asterisk-16.15.0~dfsg/addons/mp3/decode_i386.c
Examining data/asterisk-16.15.0~dfsg/addons/mp3/decode_ntom.c
Examining data/asterisk-16.15.0~dfsg/addons/mp3/huffman.h
Examining data/asterisk-16.15.0~dfsg/addons/mp3/interface.c
Examining data/asterisk-16.15.0~dfsg/addons/mp3/layer3.c
Examining data/asterisk-16.15.0~dfsg/addons/mp3/mpg123.h
Examining data/asterisk-16.15.0~dfsg/addons/mp3/mpglib.h
Examining data/asterisk-16.15.0~dfsg/addons/mp3/tabinit.c
Examining data/asterisk-16.15.0~dfsg/addons/app_mysql.c
Examining data/asterisk-16.15.0~dfsg/addons/chan_mobile.c
Examining data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c
Examining data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c
Examining data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c
Examining data/asterisk-16.15.0~dfsg/addons/format_mp3.c
Examining data/asterisk-16.15.0~dfsg/agi/eagi-sphinx-test.c
Examining data/asterisk-16.15.0~dfsg/agi/eagi-test.c
Examining data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c
Examining data/asterisk-16.15.0~dfsg/apps/app_agent_pool.c
Examining data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c
Examining data/asterisk-16.15.0~dfsg/apps/app_amd.c
Examining data/asterisk-16.15.0~dfsg/apps/app_attended_transfer.c
Examining data/asterisk-16.15.0~dfsg/apps/app_authenticate.c
Examining data/asterisk-16.15.0~dfsg/apps/app_blind_transfer.c
Examining data/asterisk-16.15.0~dfsg/apps/app_bridgeaddchan.c
Examining data/asterisk-16.15.0~dfsg/apps/app_bridgewait.c
Examining data/asterisk-16.15.0~dfsg/apps/app_cdr.c
Examining data/asterisk-16.15.0~dfsg/apps/app_celgenuserevent.c
Examining data/asterisk-16.15.0~dfsg/apps/app_chanisavail.c
Examining data/asterisk-16.15.0~dfsg/apps/app_channelredirect.c
Examining data/asterisk-16.15.0~dfsg/apps/app_chanspy.c
Examining data/asterisk-16.15.0~dfsg/apps/app_confbridge.c
Examining data/asterisk-16.15.0~dfsg/apps/app_controlplayback.c
Examining data/asterisk-16.15.0~dfsg/apps/app_dahdiras.c
Examining data/asterisk-16.15.0~dfsg/apps/app_db.c
Examining data/asterisk-16.15.0~dfsg/apps/app_dial.c
Examining data/asterisk-16.15.0~dfsg/apps/app_dictate.c
Examining data/asterisk-16.15.0~dfsg/apps/app_directed_pickup.c
Examining data/asterisk-16.15.0~dfsg/apps/app_directory.c
Examining data/asterisk-16.15.0~dfsg/apps/app_disa.c
Examining data/asterisk-16.15.0~dfsg/apps/app_dumpchan.c
Examining data/asterisk-16.15.0~dfsg/apps/app_echo.c
Examining data/asterisk-16.15.0~dfsg/apps/app_exec.c
Examining data/asterisk-16.15.0~dfsg/apps/app_externalivr.c
Examining data/asterisk-16.15.0~dfsg/apps/app_fax.c
Examining data/asterisk-16.15.0~dfsg/apps/app_festival.c
Examining data/asterisk-16.15.0~dfsg/apps/app_flash.c
Examining data/asterisk-16.15.0~dfsg/apps/app_followme.c
Examining data/asterisk-16.15.0~dfsg/apps/app_forkcdr.c
Examining data/asterisk-16.15.0~dfsg/apps/app_getcpeid.c
Examining data/asterisk-16.15.0~dfsg/apps/app_ices.c
Examining data/asterisk-16.15.0~dfsg/apps/app_image.c
Examining data/asterisk-16.15.0~dfsg/apps/app_ivrdemo.c
Examining data/asterisk-16.15.0~dfsg/apps/app_jack.c
Examining data/asterisk-16.15.0~dfsg/apps/app_macro.c
Examining data/asterisk-16.15.0~dfsg/apps/app_meetme.c
Examining data/asterisk-16.15.0~dfsg/apps/app_milliwatt.c
Examining data/asterisk-16.15.0~dfsg/apps/app_minivm.c
Examining data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c
Examining data/asterisk-16.15.0~dfsg/apps/app_morsecode.c
Examining data/asterisk-16.15.0~dfsg/apps/app_mp3.c
Examining data/asterisk-16.15.0~dfsg/apps/app_nbscat.c
Examining data/asterisk-16.15.0~dfsg/apps/app_originate.c
Examining data/asterisk-16.15.0~dfsg/apps/app_osplookup.c
Examining data/asterisk-16.15.0~dfsg/apps/app_page.c
Examining data/asterisk-16.15.0~dfsg/apps/app_playback.c
Examining data/asterisk-16.15.0~dfsg/apps/app_playtones.c
Examining data/asterisk-16.15.0~dfsg/apps/app_privacy.c
Examining data/asterisk-16.15.0~dfsg/apps/app_queue.c
Examining data/asterisk-16.15.0~dfsg/apps/app_read.c
Examining data/asterisk-16.15.0~dfsg/apps/app_readexten.c
Examining data/asterisk-16.15.0~dfsg/apps/app_record.c
Examining data/asterisk-16.15.0~dfsg/apps/app_saycounted.c
Examining data/asterisk-16.15.0~dfsg/apps/app_sayunixtime.c
Examining data/asterisk-16.15.0~dfsg/apps/app_senddtmf.c
Examining data/asterisk-16.15.0~dfsg/apps/app_sendtext.c
Examining data/asterisk-16.15.0~dfsg/apps/app_skel.c
Examining data/asterisk-16.15.0~dfsg/apps/app_sms.c
Examining data/asterisk-16.15.0~dfsg/apps/app_softhangup.c
Examining data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c
Examining data/asterisk-16.15.0~dfsg/apps/app_stack.c
Examining data/asterisk-16.15.0~dfsg/apps/app_stasis.c
Examining data/asterisk-16.15.0~dfsg/apps/app_statsd.c
Examining data/asterisk-16.15.0~dfsg/apps/app_stream_echo.c
Examining data/asterisk-16.15.0~dfsg/apps/app_system.c
Examining data/asterisk-16.15.0~dfsg/apps/app_talkdetect.c
Examining data/asterisk-16.15.0~dfsg/apps/app_test.c
Examining data/asterisk-16.15.0~dfsg/apps/app_transfer.c
Examining data/asterisk-16.15.0~dfsg/apps/app_url.c
Examining data/asterisk-16.15.0~dfsg/apps/app_userevent.c
Examining data/asterisk-16.15.0~dfsg/apps/app_verbose.c
Examining data/asterisk-16.15.0~dfsg/apps/app_voicemail.c
Examining data/asterisk-16.15.0~dfsg/apps/app_waitforring.c
Examining data/asterisk-16.15.0~dfsg/apps/app_waitforsilence.c
Examining data/asterisk-16.15.0~dfsg/apps/app_waituntil.c
Examining data/asterisk-16.15.0~dfsg/apps/app_while.c
Examining data/asterisk-16.15.0~dfsg/apps/app_zapateller.c
Examining data/asterisk-16.15.0~dfsg/apps/confbridge/conf_chan_announce.c
Examining data/asterisk-16.15.0~dfsg/apps/confbridge/conf_chan_record.c
Examining data/asterisk-16.15.0~dfsg/apps/confbridge/conf_config_parser.c
Examining data/asterisk-16.15.0~dfsg/apps/confbridge/conf_state.c
Examining data/asterisk-16.15.0~dfsg/apps/confbridge/conf_state_empty.c
Examining data/asterisk-16.15.0~dfsg/apps/confbridge/conf_state_inactive.c
Examining data/asterisk-16.15.0~dfsg/apps/confbridge/conf_state_multi.c
Examining data/asterisk-16.15.0~dfsg/apps/confbridge/conf_state_multi_marked.c
Examining data/asterisk-16.15.0~dfsg/apps/confbridge/conf_state_single.c
Examining data/asterisk-16.15.0~dfsg/apps/confbridge/conf_state_single_marked.c
Examining data/asterisk-16.15.0~dfsg/apps/confbridge/confbridge_manager.c
Examining data/asterisk-16.15.0~dfsg/apps/confbridge/include/conf_state.h
Examining data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h
Examining data/asterisk-16.15.0~dfsg/apps/enter.h
Examining data/asterisk-16.15.0~dfsg/apps/leave.h
Examining data/asterisk-16.15.0~dfsg/bridges/bridge_builtin_features.c
Examining data/asterisk-16.15.0~dfsg/bridges/bridge_builtin_interval_features.c
Examining data/asterisk-16.15.0~dfsg/bridges/bridge_holding.c
Examining data/asterisk-16.15.0~dfsg/bridges/bridge_native_rtp.c
Examining data/asterisk-16.15.0~dfsg/bridges/bridge_simple.c
Examining data/asterisk-16.15.0~dfsg/bridges/bridge_softmix.c
Examining data/asterisk-16.15.0~dfsg/bridges/bridge_softmix/bridge_softmix_binaural.c
Examining data/asterisk-16.15.0~dfsg/bridges/bridge_softmix/include/bridge_softmix_internal.h
Examining data/asterisk-16.15.0~dfsg/bridges/bridge_softmix/include/hrirs.h
Examining data/asterisk-16.15.0~dfsg/bridges/bridge_softmix/include/hrirs_configuration.h
Examining data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c
Examining data/asterisk-16.15.0~dfsg/cdr/cdr_beanstalkd.c
Examining data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c
Examining data/asterisk-16.15.0~dfsg/cdr/cdr_custom.c
Examining data/asterisk-16.15.0~dfsg/cdr/cdr_manager.c
Examining data/asterisk-16.15.0~dfsg/cdr/cdr_odbc.c
Examining data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c
Examining data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c
Examining data/asterisk-16.15.0~dfsg/cdr/cdr_sqlite3_custom.c
Examining data/asterisk-16.15.0~dfsg/cdr/cdr_syslog.c
Examining data/asterisk-16.15.0~dfsg/cdr/cdr_tds.c
Examining data/asterisk-16.15.0~dfsg/cel/cel_beanstalkd.c
Examining data/asterisk-16.15.0~dfsg/cel/cel_custom.c
Examining data/asterisk-16.15.0~dfsg/cel/cel_manager.c
Examining data/asterisk-16.15.0~dfsg/cel/cel_odbc.c
Examining data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c
Examining data/asterisk-16.15.0~dfsg/cel/cel_radius.c
Examining data/asterisk-16.15.0~dfsg/cel/cel_sqlite3_custom.c
Examining data/asterisk-16.15.0~dfsg/cel/cel_tds.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_alsa.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_bridge_media.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_console.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h
Examining data/asterisk-16.15.0~dfsg/channels/chan_iax2.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_misdn.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_motif.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_nbs.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_oss.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_phone.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_phone.h
Examining data/asterisk-16.15.0~dfsg/channels/chan_pjsip.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_rtp.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_sip.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_skinny.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_unistim.c
Examining data/asterisk-16.15.0~dfsg/channels/console_board.c
Examining data/asterisk-16.15.0~dfsg/channels/console_gui.c
Examining data/asterisk-16.15.0~dfsg/channels/console_video.c
Examining data/asterisk-16.15.0~dfsg/channels/dahdi/bridge_native_dahdi.c
Examining data/asterisk-16.15.0~dfsg/channels/dahdi/bridge_native_dahdi.h
Examining data/asterisk-16.15.0~dfsg/channels/iax2/codec_pref.c
Examining data/asterisk-16.15.0~dfsg/channels/iax2/firmware.c
Examining data/asterisk-16.15.0~dfsg/channels/iax2/format_compatibility.c
Examining data/asterisk-16.15.0~dfsg/channels/iax2/include/astobj.h
Examining data/asterisk-16.15.0~dfsg/channels/iax2/include/codec_pref.h
Examining data/asterisk-16.15.0~dfsg/channels/iax2/include/firmware.h
Examining data/asterisk-16.15.0~dfsg/channels/iax2/include/format_compatibility.h
Examining data/asterisk-16.15.0~dfsg/channels/iax2/include/iax2.h
Examining data/asterisk-16.15.0~dfsg/channels/iax2/include/netsock.h
Examining data/asterisk-16.15.0~dfsg/channels/iax2/include/parser.h
Examining data/asterisk-16.15.0~dfsg/channels/iax2/include/provision.h
Examining data/asterisk-16.15.0~dfsg/channels/iax2/netsock.c
Examining data/asterisk-16.15.0~dfsg/channels/iax2/parser.c
Examining data/asterisk-16.15.0~dfsg/channels/iax2/provision.c
Examining data/asterisk-16.15.0~dfsg/channels/misdn/chan_misdn_config.h
Examining data/asterisk-16.15.0~dfsg/channels/misdn/ie.c
Examining data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c
Examining data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h
Examining data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib_intern.h
Examining data/asterisk-16.15.0~dfsg/channels/misdn/isdn_msg_parser.c
Examining data/asterisk-16.15.0~dfsg/channels/misdn/portinfo.c
Examining data/asterisk-16.15.0~dfsg/channels/misdn_config.c
Examining data/asterisk-16.15.0~dfsg/channels/pjsip/cli_commands.c
Examining data/asterisk-16.15.0~dfsg/channels/pjsip/dialplan_functions.c
Examining data/asterisk-16.15.0~dfsg/channels/pjsip/include/chan_pjsip.h
Examining data/asterisk-16.15.0~dfsg/channels/pjsip/include/cli_functions.h
Examining data/asterisk-16.15.0~dfsg/channels/pjsip/include/dialplan_functions.h
Examining data/asterisk-16.15.0~dfsg/channels/sig_analog.c
Examining data/asterisk-16.15.0~dfsg/channels/sig_analog.h
Examining data/asterisk-16.15.0~dfsg/channels/sig_pri.c
Examining data/asterisk-16.15.0~dfsg/channels/sig_pri.h
Examining data/asterisk-16.15.0~dfsg/channels/sig_ss7.c
Examining data/asterisk-16.15.0~dfsg/channels/sig_ss7.h
Examining data/asterisk-16.15.0~dfsg/channels/sip/config_parser.c
Examining data/asterisk-16.15.0~dfsg/channels/sip/dialplan_functions.c
Examining data/asterisk-16.15.0~dfsg/channels/sip/include/config_parser.h
Examining data/asterisk-16.15.0~dfsg/channels/sip/include/dialog.h
Examining data/asterisk-16.15.0~dfsg/channels/sip/include/dialplan_functions.h
Examining data/asterisk-16.15.0~dfsg/channels/sip/include/globals.h
Examining data/asterisk-16.15.0~dfsg/channels/sip/include/reqresp_parser.h
Examining data/asterisk-16.15.0~dfsg/channels/sip/include/route.h
Examining data/asterisk-16.15.0~dfsg/channels/sip/include/security_events.h
Examining data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h
Examining data/asterisk-16.15.0~dfsg/channels/sip/include/sip_utils.h
Examining data/asterisk-16.15.0~dfsg/channels/sip/reqresp_parser.c
Examining data/asterisk-16.15.0~dfsg/channels/sip/route.c
Examining data/asterisk-16.15.0~dfsg/channels/sip/security_events.c
Examining data/asterisk-16.15.0~dfsg/channels/sip/utils.c
Examining data/asterisk-16.15.0~dfsg/channels/vcodecs.c
Examining data/asterisk-16.15.0~dfsg/channels/vgrabbers.c
Examining data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc
Examining data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c
Examining data/asterisk-16.15.0~dfsg/channels/console_video.h
Examining data/asterisk-16.15.0~dfsg/codecs/codec_a_mu.c
Examining data/asterisk-16.15.0~dfsg/codecs/codec_adpcm.c
Examining data/asterisk-16.15.0~dfsg/codecs/codec_alaw.c
Examining data/asterisk-16.15.0~dfsg/codecs/codec_codec2.c
Examining data/asterisk-16.15.0~dfsg/codecs/codec_dahdi.c
Examining data/asterisk-16.15.0~dfsg/codecs/codec_g722.c
Examining data/asterisk-16.15.0~dfsg/codecs/codec_g726.c
Examining data/asterisk-16.15.0~dfsg/codecs/codec_gsm.c
Examining data/asterisk-16.15.0~dfsg/codecs/codec_lpc10.c
Examining data/asterisk-16.15.0~dfsg/codecs/codec_resample.c
Examining data/asterisk-16.15.0~dfsg/codecs/codec_speex.c
Examining data/asterisk-16.15.0~dfsg/codecs/codec_ulaw.c
Examining data/asterisk-16.15.0~dfsg/codecs/ex_adpcm.h
Examining data/asterisk-16.15.0~dfsg/codecs/ex_alaw.h
Examining data/asterisk-16.15.0~dfsg/codecs/ex_codec2.h
Examining data/asterisk-16.15.0~dfsg/codecs/ex_g722.h
Examining data/asterisk-16.15.0~dfsg/codecs/ex_g726.h
Examining data/asterisk-16.15.0~dfsg/codecs/ex_gsm.h
Examining data/asterisk-16.15.0~dfsg/codecs/ex_ilbc.h
Examining data/asterisk-16.15.0~dfsg/codecs/ex_lpc10.h
Examining data/asterisk-16.15.0~dfsg/codecs/ex_speex.h
Examining data/asterisk-16.15.0~dfsg/codecs/ex_ulaw.h
Examining data/asterisk-16.15.0~dfsg/codecs/g722/g722.h
Examining data/asterisk-16.15.0~dfsg/codecs/g722/g722_decode.c
Examining data/asterisk-16.15.0~dfsg/codecs/g722/g722_encode.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/inc/config.h
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/inc/gsm.h
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/inc/private.h
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/inc/proto.h
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/inc/unproto.h
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/add.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/code.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/debug.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/decode.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/gsm_create.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/gsm_decode.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/gsm_destroy.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/gsm_encode.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/gsm_explode.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/gsm_implode.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/gsm_option.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/gsm_print.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/k6opt.h
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/long_term.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/lpc.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/preprocess.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/rpe.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/short_term.c
Examining data/asterisk-16.15.0~dfsg/codecs/gsm/src/table.c
Examining data/asterisk-16.15.0~dfsg/codecs/log2comp.h
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/analys.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/bsynz.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/chanwr.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/dcbias.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/decode.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/deemp.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/difmag.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/dyptrk.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/encode.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/energy.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/f2c.h
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/f2clib.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/ham84.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/hp100.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/invert.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/irc2pc.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/ivfilt.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/lpc10.h
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/lpcdec.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/lpcenc.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/lpcini.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/lpfilt.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/median.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/mload.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/onset.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/pitsyn.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/placea.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/placev.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/preemp.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/prepro.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/random.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/rcchk.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/synths.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/tbdm.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/voicin.c
Examining data/asterisk-16.15.0~dfsg/codecs/lpc10/vparms.c
Examining data/asterisk-16.15.0~dfsg/codecs/speex/arch.h
Examining data/asterisk-16.15.0~dfsg/codecs/speex/fixed_generic.h
Examining data/asterisk-16.15.0~dfsg/codecs/speex/resample.c
Examining data/asterisk-16.15.0~dfsg/codecs/speex/resample_sse.h
Examining data/asterisk-16.15.0~dfsg/codecs/speex/speex_resampler.h
Examining data/asterisk-16.15.0~dfsg/codecs/speex/stack_alloc.h
Examining data/asterisk-16.15.0~dfsg/codecs/codec_ilbc.c
Examining data/asterisk-16.15.0~dfsg/codecs/codec_amr.c
Examining data/asterisk-16.15.0~dfsg/codecs/ex_amr.h
Examining data/asterisk-16.15.0~dfsg/contrib/utils/eagi_proxy.c
Examining data/asterisk-16.15.0~dfsg/contrib/utils/rawplayer.c
Examining data/asterisk-16.15.0~dfsg/contrib/utils/zones2indications.c
Examining data/asterisk-16.15.0~dfsg/formats/format_g719.c
Examining data/asterisk-16.15.0~dfsg/formats/format_g723.c
Examining data/asterisk-16.15.0~dfsg/formats/format_g726.c
Examining data/asterisk-16.15.0~dfsg/formats/format_g729.c
Examining data/asterisk-16.15.0~dfsg/formats/format_gsm.c
Examining data/asterisk-16.15.0~dfsg/formats/format_h263.c
Examining data/asterisk-16.15.0~dfsg/formats/format_h264.c
Examining data/asterisk-16.15.0~dfsg/formats/format_ilbc.c
Examining data/asterisk-16.15.0~dfsg/formats/format_ogg_speex.c
Examining data/asterisk-16.15.0~dfsg/formats/format_ogg_vorbis.c
Examining data/asterisk-16.15.0~dfsg/formats/format_pcm.c
Examining data/asterisk-16.15.0~dfsg/formats/format_siren14.c
Examining data/asterisk-16.15.0~dfsg/formats/format_siren7.c
Examining data/asterisk-16.15.0~dfsg/formats/format_sln.c
Examining data/asterisk-16.15.0~dfsg/formats/format_vox.c
Examining data/asterisk-16.15.0~dfsg/formats/format_wav.c
Examining data/asterisk-16.15.0~dfsg/formats/format_wav_gsm.c
Examining data/asterisk-16.15.0~dfsg/formats/msgsm.h
Examining data/asterisk-16.15.0~dfsg/funcs/func_aes.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_base64.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_blacklist.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_callcompletion.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_callerid.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_cdr.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_channel.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_config.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_curl.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_cut.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_db.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_devstate.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_dialgroup.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_dialplan.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_enum.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_env.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_extstate.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_frame_trace.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_global.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_groupcount.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_hangupcause.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_holdintercept.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_iconv.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_jitterbuffer.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_lock.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_logic.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_math.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_md5.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_module.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_odbc.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_periodic_hook.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_pitchshift.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_pjsip_aor.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_pjsip_contact.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_pjsip_endpoint.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_rand.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_realtime.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_sha1.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_shell.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_sorcery.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_speex.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_sprintf.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_srv.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_strings.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_sysinfo.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_talkdetect.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_timeout.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_uri.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_version.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_vmcount.c
Examining data/asterisk-16.15.0~dfsg/funcs/func_volume.c
Examining data/asterisk-16.15.0~dfsg/include/asterisk.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/_private.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/abstract_jb.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/acl.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/adsi.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/ael_structs.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/agi.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/alaw.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/alertpipe.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/aoc.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/app.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/ari.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/ast_expr.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/ast_version.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/astdb.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/astmm.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/astobj2.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/audiohook.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/autochan.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/backtrace.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/beep.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/bridge.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/bridge_after.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/bridge_basic.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/bridge_channel.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/bridge_channel_internal.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/bridge_features.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/bridge_internal.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/bridge_roles.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/bridge_technology.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/bucket.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/buildinfo.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/calendar.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/callerid.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/causes.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/ccss.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/cdr.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/cel.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/celt.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/channel.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/channel_internal.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/channelstate.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/chanvars.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/cli.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/codec.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/compat.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/compiler.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/config.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/config_options.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/conversions.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/core_local.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/core_unreal.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/crypto.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/data_buffer.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/datastore.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/devicestate.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dial.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dlinkedlists.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dns.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dns_core.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dns_internal.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dns_naptr.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dns_query_set.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dns_recurring.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dns_resolver.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dns_srv.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dns_test.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dns_tlsa.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dns_txt.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dnsmgr.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/doxygen/architecture.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/doxygen/licensing.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/doxyref.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dsp.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/endian.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/endpoints.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/enum.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/event.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/event_defs.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/extconf.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/features.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/features_config.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/file.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/format.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/format_cap.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/format_compatibility.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/frame.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/framehook.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/fskmodem.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/fskmodem_float.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/fskmodem_int.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/global_datastores.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/hashtab.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/heap.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/http.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/http_websocket.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/ilbc.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/image.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/indications.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/inline_api.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/io.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/iostream.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/json.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/linkedlists.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/localtime.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/lock.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/logger.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/logger_category.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/manager.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/max_forwards.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/md5.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/media_cache.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/media_index.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/message.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/mixmonitor.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/mod_format.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/module.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/monitor.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/multicast_rtp.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/musiconhold.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/mwi.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/named_locks.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/netsock2.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/network.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/optional_api.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/options.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/opus.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/parking.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/paths.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/pbx.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/phoneprov.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/pickup.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/pktccops.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/plc.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/poll-compat.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/presencestate.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/privacy.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/pval.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/res_fax.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/res_hep.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/res_mwi_external.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/res_odbc.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/res_odbc_transaction.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/res_pjproject.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip_body_generator_types.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip_cli.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip_outbound_publish.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip_presence_xml.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip_pubsub.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip_session.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/res_srtp.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/res_stir_shaken.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/rtp_engine.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/say.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/sched.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/sdp_srtp.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/security_events.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/security_events_defs.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/select.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/sem.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/serializer.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/sha1.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/silk.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/sip_api.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/slin.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/slinfactory.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/smdi.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/smoother.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/sorcery.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/sounds_index.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/speech.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/spinlock.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/srv.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis_app.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis_app_device_state.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis_app_impl.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis_app_mailbox.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis_app_playback.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis_app_recording.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis_app_snoop.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis_bridges.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis_cache_pattern.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis_channels.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis_endpoints.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis_internal.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis_message_router.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis_system.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stasis_test.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/statsd.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stream.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stringfields.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/strings.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/stun.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/syslog.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/taskprocessor.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/tcptls.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/tdd.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/term.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/test.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/threadpool.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/threadstorage.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/time.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/timing.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/transcap.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/translate.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/udptl.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/ulaw.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/unaligned.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/uri.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/utf8.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/utils.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/uuid.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/vector.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/version.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/xml.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/xmldoc.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/xmpp.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/amr.h
Examining data/asterisk-16.15.0~dfsg/include/asterisk/format_cache.h
Examining data/asterisk-16.15.0~dfsg/include/jitterbuf.h
Examining data/asterisk-16.15.0~dfsg/include/solaris-compat/compat.h
Examining data/asterisk-16.15.0~dfsg/include/solaris-compat/sys/cdefs.h
Examining data/asterisk-16.15.0~dfsg/include/solaris-compat/sys/queue.h
Examining data/asterisk-16.15.0~dfsg/main/abstract_jb.c
Examining data/asterisk-16.15.0~dfsg/main/acl.c
Examining data/asterisk-16.15.0~dfsg/main/adsi.c
Examining data/asterisk-16.15.0~dfsg/main/alaw.c
Examining data/asterisk-16.15.0~dfsg/main/alertpipe.c
Examining data/asterisk-16.15.0~dfsg/main/aoc.c
Examining data/asterisk-16.15.0~dfsg/main/app.c
Examining data/asterisk-16.15.0~dfsg/main/ast_expr2.c
Examining data/asterisk-16.15.0~dfsg/main/ast_expr2.h
Examining data/asterisk-16.15.0~dfsg/main/ast_expr2f.c
Examining data/asterisk-16.15.0~dfsg/main/asterisk.c
Examining data/asterisk-16.15.0~dfsg/main/astfd.c
Examining data/asterisk-16.15.0~dfsg/main/astmm.c
Examining data/asterisk-16.15.0~dfsg/main/astobj2.c
Examining data/asterisk-16.15.0~dfsg/main/astobj2_container.c
Examining data/asterisk-16.15.0~dfsg/main/astobj2_container_private.h
Examining data/asterisk-16.15.0~dfsg/main/astobj2_global.c
Examining data/asterisk-16.15.0~dfsg/main/astobj2_hash.c
Examining data/asterisk-16.15.0~dfsg/main/astobj2_private.h
Examining data/asterisk-16.15.0~dfsg/main/astobj2_rbtree.c
Examining data/asterisk-16.15.0~dfsg/main/audiohook.c
Examining data/asterisk-16.15.0~dfsg/main/autochan.c
Examining data/asterisk-16.15.0~dfsg/main/autoservice.c
Examining data/asterisk-16.15.0~dfsg/main/backtrace.c
Examining data/asterisk-16.15.0~dfsg/main/bridge.c
Examining data/asterisk-16.15.0~dfsg/main/bridge_after.c
Examining data/asterisk-16.15.0~dfsg/main/bridge_basic.c
Examining data/asterisk-16.15.0~dfsg/main/bridge_channel.c
Examining data/asterisk-16.15.0~dfsg/main/bridge_roles.c
Examining data/asterisk-16.15.0~dfsg/main/bucket.c
Examining data/asterisk-16.15.0~dfsg/main/buildinfo.c
Examining data/asterisk-16.15.0~dfsg/main/callerid.c
Examining data/asterisk-16.15.0~dfsg/main/ccss.c
Examining data/asterisk-16.15.0~dfsg/main/cdr.c
Examining data/asterisk-16.15.0~dfsg/main/cel.c
Examining data/asterisk-16.15.0~dfsg/main/channel.c
Examining data/asterisk-16.15.0~dfsg/main/channel_internal_api.c
Examining data/asterisk-16.15.0~dfsg/main/chanvars.c
Examining data/asterisk-16.15.0~dfsg/main/cli.c
Examining data/asterisk-16.15.0~dfsg/main/codec.c
Examining data/asterisk-16.15.0~dfsg/main/config.c
Examining data/asterisk-16.15.0~dfsg/main/config_options.c
Examining data/asterisk-16.15.0~dfsg/main/conversions.c
Examining data/asterisk-16.15.0~dfsg/main/core_local.c
Examining data/asterisk-16.15.0~dfsg/main/core_unreal.c
Examining data/asterisk-16.15.0~dfsg/main/crypt.c
Examining data/asterisk-16.15.0~dfsg/main/cygload.c
Examining data/asterisk-16.15.0~dfsg/main/data_buffer.c
Examining data/asterisk-16.15.0~dfsg/main/datastore.c
Examining data/asterisk-16.15.0~dfsg/main/db.c
Examining data/asterisk-16.15.0~dfsg/main/devicestate.c
Examining data/asterisk-16.15.0~dfsg/main/dial.c
Examining data/asterisk-16.15.0~dfsg/main/dns.c
Examining data/asterisk-16.15.0~dfsg/main/dns_core.c
Examining data/asterisk-16.15.0~dfsg/main/dns_naptr.c
Examining data/asterisk-16.15.0~dfsg/main/dns_query_set.c
Examining data/asterisk-16.15.0~dfsg/main/dns_recurring.c
Examining data/asterisk-16.15.0~dfsg/main/dns_srv.c
Examining data/asterisk-16.15.0~dfsg/main/dns_system_resolver.c
Examining data/asterisk-16.15.0~dfsg/main/dns_test.c
Examining data/asterisk-16.15.0~dfsg/main/dns_tlsa.c
Examining data/asterisk-16.15.0~dfsg/main/dns_txt.c
Examining data/asterisk-16.15.0~dfsg/main/dnsmgr.c
Examining data/asterisk-16.15.0~dfsg/main/dsp.c
Examining data/asterisk-16.15.0~dfsg/main/ecdisa.h
Examining data/asterisk-16.15.0~dfsg/main/endpoints.c
Examining data/asterisk-16.15.0~dfsg/main/enum.c
Examining data/asterisk-16.15.0~dfsg/main/event.c
Examining data/asterisk-16.15.0~dfsg/main/features.c
Examining data/asterisk-16.15.0~dfsg/main/features_config.c
Examining data/asterisk-16.15.0~dfsg/main/features_config.h
Examining data/asterisk-16.15.0~dfsg/main/file.c
Examining data/asterisk-16.15.0~dfsg/main/fixedjitterbuf.c
Examining data/asterisk-16.15.0~dfsg/main/fixedjitterbuf.h
Examining data/asterisk-16.15.0~dfsg/main/format.c
Examining data/asterisk-16.15.0~dfsg/main/format_cap.c
Examining data/asterisk-16.15.0~dfsg/main/format_compatibility.c
Examining data/asterisk-16.15.0~dfsg/main/frame.c
Examining data/asterisk-16.15.0~dfsg/main/framehook.c
Examining data/asterisk-16.15.0~dfsg/main/fskmodem.c
Examining data/asterisk-16.15.0~dfsg/main/fskmodem_float.c
Examining data/asterisk-16.15.0~dfsg/main/fskmodem_int.c
Examining data/asterisk-16.15.0~dfsg/main/global_datastores.c
Examining data/asterisk-16.15.0~dfsg/main/hashtab.c
Examining data/asterisk-16.15.0~dfsg/main/heap.c
Examining data/asterisk-16.15.0~dfsg/main/http.c
Examining data/asterisk-16.15.0~dfsg/main/image.c
Examining data/asterisk-16.15.0~dfsg/main/indications.c
Examining data/asterisk-16.15.0~dfsg/main/io.c
Examining data/asterisk-16.15.0~dfsg/main/iostream.c
Examining data/asterisk-16.15.0~dfsg/main/jitterbuf.c
Examining data/asterisk-16.15.0~dfsg/main/json.c
Examining data/asterisk-16.15.0~dfsg/main/libasteriskpj.c
Examining data/asterisk-16.15.0~dfsg/main/libasteriskssl.c
Examining data/asterisk-16.15.0~dfsg/main/loader.c
Examining data/asterisk-16.15.0~dfsg/main/lock.c
Examining data/asterisk-16.15.0~dfsg/main/logger.c
Examining data/asterisk-16.15.0~dfsg/main/logger_category.c
Examining data/asterisk-16.15.0~dfsg/main/manager.c
Examining data/asterisk-16.15.0~dfsg/main/manager_bridges.c
Examining data/asterisk-16.15.0~dfsg/main/manager_channels.c
Examining data/asterisk-16.15.0~dfsg/main/manager_endpoints.c
Examining data/asterisk-16.15.0~dfsg/main/manager_mwi.c
Examining data/asterisk-16.15.0~dfsg/main/manager_system.c
Examining data/asterisk-16.15.0~dfsg/main/max_forwards.c
Examining data/asterisk-16.15.0~dfsg/main/md5.c
Examining data/asterisk-16.15.0~dfsg/main/media_cache.c
Examining data/asterisk-16.15.0~dfsg/main/media_index.c
Examining data/asterisk-16.15.0~dfsg/main/message.c
Examining data/asterisk-16.15.0~dfsg/main/mixmonitor.c
Examining data/asterisk-16.15.0~dfsg/main/mwi.c
Examining data/asterisk-16.15.0~dfsg/main/named_acl.c
Examining data/asterisk-16.15.0~dfsg/main/named_locks.c
Examining data/asterisk-16.15.0~dfsg/main/netsock2.c
Examining data/asterisk-16.15.0~dfsg/main/optional_api.c
Examining data/asterisk-16.15.0~dfsg/main/options.c
Examining data/asterisk-16.15.0~dfsg/main/parking.c
Examining data/asterisk-16.15.0~dfsg/main/pbx.c
Examining data/asterisk-16.15.0~dfsg/main/pbx_app.c
Examining data/asterisk-16.15.0~dfsg/main/pbx_builtins.c
Examining data/asterisk-16.15.0~dfsg/main/pbx_functions.c
Examining data/asterisk-16.15.0~dfsg/main/pbx_hangup_handler.c
Examining data/asterisk-16.15.0~dfsg/main/pbx_ignorepat.c
Examining data/asterisk-16.15.0~dfsg/main/pbx_include.c
Examining data/asterisk-16.15.0~dfsg/main/pbx_private.h
Examining data/asterisk-16.15.0~dfsg/main/pbx_sw.c
Examining data/asterisk-16.15.0~dfsg/main/pbx_switch.c
Examining data/asterisk-16.15.0~dfsg/main/pbx_timing.c
Examining data/asterisk-16.15.0~dfsg/main/pbx_variables.c
Examining data/asterisk-16.15.0~dfsg/main/pickup.c
Examining data/asterisk-16.15.0~dfsg/main/plc.c
Examining data/asterisk-16.15.0~dfsg/main/poll.c
Examining data/asterisk-16.15.0~dfsg/main/presencestate.c
Examining data/asterisk-16.15.0~dfsg/main/privacy.c
Examining data/asterisk-16.15.0~dfsg/main/say.c
Examining data/asterisk-16.15.0~dfsg/main/sched.c
Examining data/asterisk-16.15.0~dfsg/main/sdp_srtp.c
Examining data/asterisk-16.15.0~dfsg/main/security_events.c
Examining data/asterisk-16.15.0~dfsg/main/sem.c
Examining data/asterisk-16.15.0~dfsg/main/serializer.c
Examining data/asterisk-16.15.0~dfsg/main/sha1.c
Examining data/asterisk-16.15.0~dfsg/main/sip_api.c
Examining data/asterisk-16.15.0~dfsg/main/slinfactory.c
Examining data/asterisk-16.15.0~dfsg/main/smoother.c
Examining data/asterisk-16.15.0~dfsg/main/sorcery.c
Examining data/asterisk-16.15.0~dfsg/main/sounds.c
Examining data/asterisk-16.15.0~dfsg/main/srv.c
Examining data/asterisk-16.15.0~dfsg/main/stasis.c
Examining data/asterisk-16.15.0~dfsg/main/stasis_bridges.c
Examining data/asterisk-16.15.0~dfsg/main/stasis_cache.c
Examining data/asterisk-16.15.0~dfsg/main/stasis_cache_pattern.c
Examining data/asterisk-16.15.0~dfsg/main/stasis_channels.c
Examining data/asterisk-16.15.0~dfsg/main/stasis_endpoints.c
Examining data/asterisk-16.15.0~dfsg/main/stasis_message.c
Examining data/asterisk-16.15.0~dfsg/main/stasis_message_router.c
Examining data/asterisk-16.15.0~dfsg/main/stasis_system.c
Examining data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c
Examining data/asterisk-16.15.0~dfsg/main/stdtime/private.h
Examining data/asterisk-16.15.0~dfsg/main/stdtime/test.c
Examining data/asterisk-16.15.0~dfsg/main/stdtime/tzfile.h
Examining data/asterisk-16.15.0~dfsg/main/strcompat.c
Examining data/asterisk-16.15.0~dfsg/main/stream.c
Examining data/asterisk-16.15.0~dfsg/main/stringfields.c
Examining data/asterisk-16.15.0~dfsg/main/strings.c
Examining data/asterisk-16.15.0~dfsg/main/stun.c
Examining data/asterisk-16.15.0~dfsg/main/syslog.c
Examining data/asterisk-16.15.0~dfsg/main/taskprocessor.c
Examining data/asterisk-16.15.0~dfsg/main/tcptls.c
Examining data/asterisk-16.15.0~dfsg/main/tdd.c
Examining data/asterisk-16.15.0~dfsg/main/term.c
Examining data/asterisk-16.15.0~dfsg/main/test.c
Examining data/asterisk-16.15.0~dfsg/main/threadpool.c
Examining data/asterisk-16.15.0~dfsg/main/threadstorage.c
Examining data/asterisk-16.15.0~dfsg/main/timing.c
Examining data/asterisk-16.15.0~dfsg/main/translate.c
Examining data/asterisk-16.15.0~dfsg/main/udptl.c
Examining data/asterisk-16.15.0~dfsg/main/ulaw.c
Examining data/asterisk-16.15.0~dfsg/main/uri.c
Examining data/asterisk-16.15.0~dfsg/main/utf8.c
Examining data/asterisk-16.15.0~dfsg/main/utils.c
Examining data/asterisk-16.15.0~dfsg/main/uuid.c
Examining data/asterisk-16.15.0~dfsg/main/xml.c
Examining data/asterisk-16.15.0~dfsg/main/xmldoc.c
Examining data/asterisk-16.15.0~dfsg/main/codec_builtin.c
Examining data/asterisk-16.15.0~dfsg/main/format_cache.c
Examining data/asterisk-16.15.0~dfsg/main/rtp_engine.c
Examining data/asterisk-16.15.0~dfsg/menuselect/linkedlists.h
Examining data/asterisk-16.15.0~dfsg/menuselect/menuselect.c
Examining data/asterisk-16.15.0~dfsg/menuselect/menuselect.h
Examining data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c
Examining data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c
Examining data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c
Examining data/asterisk-16.15.0~dfsg/menuselect/menuselect_stub.c
Examining data/asterisk-16.15.0~dfsg/menuselect/strcompat.c
Examining data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c
Examining data/asterisk-16.15.0~dfsg/pbx/dundi-parser.h
Examining data/asterisk-16.15.0~dfsg/pbx/pbx_ael.c
Examining data/asterisk-16.15.0~dfsg/pbx/pbx_config.c
Examining data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c
Examining data/asterisk-16.15.0~dfsg/pbx/pbx_loopback.c
Examining data/asterisk-16.15.0~dfsg/pbx/pbx_lua.c
Examining data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c
Examining data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c
Examining data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c
Examining data/asterisk-16.15.0~dfsg/res/ael/ael.tab.h
Examining data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c
Examining data/asterisk-16.15.0~dfsg/res/ael/pval.c
Examining data/asterisk-16.15.0~dfsg/res/ari/ari_model_validators.c
Examining data/asterisk-16.15.0~dfsg/res/ari/ari_model_validators.h
Examining data/asterisk-16.15.0~dfsg/res/ari/ari_websockets.c
Examining data/asterisk-16.15.0~dfsg/res/ari/cli.c
Examining data/asterisk-16.15.0~dfsg/res/ari/config.c
Examining data/asterisk-16.15.0~dfsg/res/ari/internal.h
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_applications.c
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_applications.h
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_asterisk.c
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_asterisk.h
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_bridges.c
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_bridges.h
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_channels.c
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_channels.h
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_device_states.c
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_device_states.h
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_endpoints.c
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_endpoints.h
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_events.c
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_events.h
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_mailboxes.c
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_mailboxes.h
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_playbacks.c
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_playbacks.h
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_recordings.c
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_recordings.h
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_sounds.c
Examining data/asterisk-16.15.0~dfsg/res/ari/resource_sounds.h
Examining data/asterisk-16.15.0~dfsg/res/parking/parking_applications.c
Examining data/asterisk-16.15.0~dfsg/res/parking/parking_bridge.c
Examining data/asterisk-16.15.0~dfsg/res/parking/parking_bridge_features.c
Examining data/asterisk-16.15.0~dfsg/res/parking/parking_controller.c
Examining data/asterisk-16.15.0~dfsg/res/parking/parking_devicestate.c
Examining data/asterisk-16.15.0~dfsg/res/parking/parking_manager.c
Examining data/asterisk-16.15.0~dfsg/res/parking/parking_tests.c
Examining data/asterisk-16.15.0~dfsg/res/parking/parking_ui.c
Examining data/asterisk-16.15.0~dfsg/res/parking/res_parking.h
Examining data/asterisk-16.15.0~dfsg/res/res_adsi.c
Examining data/asterisk-16.15.0~dfsg/res/res_ael_share.c
Examining data/asterisk-16.15.0~dfsg/res/res_agi.c
Examining data/asterisk-16.15.0~dfsg/res/res_ari.c
Examining data/asterisk-16.15.0~dfsg/res/res_ari_applications.c
Examining data/asterisk-16.15.0~dfsg/res/res_ari_asterisk.c
Examining data/asterisk-16.15.0~dfsg/res/res_ari_bridges.c
Examining data/asterisk-16.15.0~dfsg/res/res_ari_channels.c
Examining data/asterisk-16.15.0~dfsg/res/res_ari_device_states.c
Examining data/asterisk-16.15.0~dfsg/res/res_ari_endpoints.c
Examining data/asterisk-16.15.0~dfsg/res/res_ari_events.c
Examining data/asterisk-16.15.0~dfsg/res/res_ari_mailboxes.c
Examining data/asterisk-16.15.0~dfsg/res/res_ari_model.c
Examining data/asterisk-16.15.0~dfsg/res/res_ari_playbacks.c
Examining data/asterisk-16.15.0~dfsg/res/res_ari_recordings.c
Examining data/asterisk-16.15.0~dfsg/res/res_ari_sounds.c
Examining data/asterisk-16.15.0~dfsg/res/res_calendar.c
Examining data/asterisk-16.15.0~dfsg/res/res_calendar_caldav.c
Examining data/asterisk-16.15.0~dfsg/res/res_calendar_ews.c
Examining data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c
Examining data/asterisk-16.15.0~dfsg/res/res_calendar_icalendar.c
Examining data/asterisk-16.15.0~dfsg/res/res_chan_stats.c
Examining data/asterisk-16.15.0~dfsg/res/res_clialiases.c
Examining data/asterisk-16.15.0~dfsg/res/res_clioriginate.c
Examining data/asterisk-16.15.0~dfsg/res/res_config_curl.c
Examining data/asterisk-16.15.0~dfsg/res/res_config_ldap.c
Examining data/asterisk-16.15.0~dfsg/res/res_config_odbc.c
Examining data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c
Examining data/asterisk-16.15.0~dfsg/res/res_config_sqlite.c
Examining data/asterisk-16.15.0~dfsg/res/res_config_sqlite3.c
Examining data/asterisk-16.15.0~dfsg/res/res_convert.c
Examining data/asterisk-16.15.0~dfsg/res/res_corosync.c
Examining data/asterisk-16.15.0~dfsg/res/res_crypto.c
Examining data/asterisk-16.15.0~dfsg/res/res_curl.c
Examining data/asterisk-16.15.0~dfsg/res/res_endpoint_stats.c
Examining data/asterisk-16.15.0~dfsg/res/res_fax.c
Examining data/asterisk-16.15.0~dfsg/res/res_fax_spandsp.c
Examining data/asterisk-16.15.0~dfsg/res/res_format_attr_celt.c
Examining data/asterisk-16.15.0~dfsg/res/res_format_attr_g729.c
Examining data/asterisk-16.15.0~dfsg/res/res_format_attr_h263.c
Examining data/asterisk-16.15.0~dfsg/res/res_format_attr_h264.c
Examining data/asterisk-16.15.0~dfsg/res/res_format_attr_ilbc.c
Examining data/asterisk-16.15.0~dfsg/res/res_format_attr_opus.c
Examining data/asterisk-16.15.0~dfsg/res/res_format_attr_silk.c
Examining data/asterisk-16.15.0~dfsg/res/res_format_attr_siren14.c
Examining data/asterisk-16.15.0~dfsg/res/res_format_attr_siren7.c
Examining data/asterisk-16.15.0~dfsg/res/res_format_attr_vp8.c
Examining data/asterisk-16.15.0~dfsg/res/res_hep.c
Examining data/asterisk-16.15.0~dfsg/res/res_hep_pjsip.c
Examining data/asterisk-16.15.0~dfsg/res/res_hep_rtcp.c
Examining data/asterisk-16.15.0~dfsg/res/res_http_media_cache.c
Examining data/asterisk-16.15.0~dfsg/res/res_http_post.c
Examining data/asterisk-16.15.0~dfsg/res/res_http_websocket.c
Examining data/asterisk-16.15.0~dfsg/res/res_limit.c
Examining data/asterisk-16.15.0~dfsg/res/res_manager_devicestate.c
Examining data/asterisk-16.15.0~dfsg/res/res_manager_presencestate.c
Examining data/asterisk-16.15.0~dfsg/res/res_monitor.c
Examining data/asterisk-16.15.0~dfsg/res/res_musiconhold.c
Examining data/asterisk-16.15.0~dfsg/res/res_mutestream.c
Examining data/asterisk-16.15.0~dfsg/res/res_mwi_devstate.c
Examining data/asterisk-16.15.0~dfsg/res/res_mwi_external.c
Examining data/asterisk-16.15.0~dfsg/res/res_mwi_external_ami.c
Examining data/asterisk-16.15.0~dfsg/res/res_odbc.c
Examining data/asterisk-16.15.0~dfsg/res/res_odbc_transaction.c
Examining data/asterisk-16.15.0~dfsg/res/res_parking.c
Examining data/asterisk-16.15.0~dfsg/res/res_phoneprov.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjproject.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/config_auth.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/config_domain_aliases.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/config_global.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/config_system.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/config_transport.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/include/res_pjsip_private.h
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_cli.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_configuration.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_global_headers.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_message_filter.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_resolver.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_scheduler.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_session.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_transport_events.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_transport_management.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/presence_xml.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip/security_events.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_acl.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_authenticator_digest.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_caller_id.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_dialog_info_body_generator.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_diversion.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_dlg_options.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_dtmf_info.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_empty_info.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_endpoint_identifier_anonymous.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_endpoint_identifier_ip.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_endpoint_identifier_user.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_exten_state.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_header_funcs.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_history.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_logger.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_messaging.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_mwi.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_mwi_body_generator.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_nat.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_notify.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_one_touch_record_info.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_authenticator_digest.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_registration.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_path.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_phoneprov_provider.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_pidf_body_generator.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_pidf_digium_body_supplement.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_pidf_eyebeam_body_supplement.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_publish_asterisk.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_refer.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_rfc3326.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_send_to_voicemail.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_sips_contact.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_stir_shaken.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_t38.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_transport_websocket.c
Examining data/asterisk-16.15.0~dfsg/res/res_pjsip_xpidf_body_generator.c
Examining data/asterisk-16.15.0~dfsg/res/res_pktccops.c
Examining data/asterisk-16.15.0~dfsg/res/res_realtime.c
Examining data/asterisk-16.15.0~dfsg/res/res_remb_modifier.c
Examining data/asterisk-16.15.0~dfsg/res/res_resolver_unbound.c
Examining data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c
Examining data/asterisk-16.15.0~dfsg/res/res_rtp_multicast.c
Examining data/asterisk-16.15.0~dfsg/res/res_security_log.c
Examining data/asterisk-16.15.0~dfsg/res/res_smdi.c
Examining data/asterisk-16.15.0~dfsg/res/res_snmp.c
Examining data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c
Examining data/asterisk-16.15.0~dfsg/res/res_sorcery_config.c
Examining data/asterisk-16.15.0~dfsg/res/res_sorcery_memory.c
Examining data/asterisk-16.15.0~dfsg/res/res_sorcery_memory_cache.c
Examining data/asterisk-16.15.0~dfsg/res/res_sorcery_realtime.c
Examining data/asterisk-16.15.0~dfsg/res/res_speech.c
Examining data/asterisk-16.15.0~dfsg/res/res_srtp.c
Examining data/asterisk-16.15.0~dfsg/res/res_stasis.c
Examining data/asterisk-16.15.0~dfsg/res/res_stasis_answer.c
Examining data/asterisk-16.15.0~dfsg/res/res_stasis_device_state.c
Examining data/asterisk-16.15.0~dfsg/res/res_stasis_mailbox.c
Examining data/asterisk-16.15.0~dfsg/res/res_stasis_playback.c
Examining data/asterisk-16.15.0~dfsg/res/res_stasis_recording.c
Examining data/asterisk-16.15.0~dfsg/res/res_stasis_snoop.c
Examining data/asterisk-16.15.0~dfsg/res/res_stasis_test.c
Examining data/asterisk-16.15.0~dfsg/res/res_statsd.c
Examining data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c
Examining data/asterisk-16.15.0~dfsg/res/res_stir_shaken/certificate.c
Examining data/asterisk-16.15.0~dfsg/res/res_stir_shaken/certificate.h
Examining data/asterisk-16.15.0~dfsg/res/res_stir_shaken/curl.c
Examining data/asterisk-16.15.0~dfsg/res/res_stir_shaken/curl.h
Examining data/asterisk-16.15.0~dfsg/res/res_stir_shaken/general.c
Examining data/asterisk-16.15.0~dfsg/res/res_stir_shaken/general.h
Examining data/asterisk-16.15.0~dfsg/res/res_stir_shaken/stir_shaken.c
Examining data/asterisk-16.15.0~dfsg/res/res_stir_shaken/stir_shaken.h
Examining data/asterisk-16.15.0~dfsg/res/res_stir_shaken/store.c
Examining data/asterisk-16.15.0~dfsg/res/res_stir_shaken/store.h
Examining data/asterisk-16.15.0~dfsg/res/res_stun_monitor.c
Examining data/asterisk-16.15.0~dfsg/res/res_timing_dahdi.c
Examining data/asterisk-16.15.0~dfsg/res/res_timing_kqueue.c
Examining data/asterisk-16.15.0~dfsg/res/res_timing_pthread.c
Examining data/asterisk-16.15.0~dfsg/res/res_timing_timerfd.c
Examining data/asterisk-16.15.0~dfsg/res/res_xmpp.c
Examining data/asterisk-16.15.0~dfsg/res/snmp/agent.c
Examining data/asterisk-16.15.0~dfsg/res/snmp/agent.h
Examining data/asterisk-16.15.0~dfsg/res/srtp/srtp_compat.h
Examining data/asterisk-16.15.0~dfsg/res/stasis/app.c
Examining data/asterisk-16.15.0~dfsg/res/stasis/app.h
Examining data/asterisk-16.15.0~dfsg/res/stasis/command.c
Examining data/asterisk-16.15.0~dfsg/res/stasis/command.h
Examining data/asterisk-16.15.0~dfsg/res/stasis/control.c
Examining data/asterisk-16.15.0~dfsg/res/stasis/control.h
Examining data/asterisk-16.15.0~dfsg/res/stasis/messaging.c
Examining data/asterisk-16.15.0~dfsg/res/stasis/messaging.h
Examining data/asterisk-16.15.0~dfsg/res/stasis/stasis_bridge.c
Examining data/asterisk-16.15.0~dfsg/res/stasis/stasis_bridge.h
Examining data/asterisk-16.15.0~dfsg/res/stasis_recording/stored.c
Examining data/asterisk-16.15.0~dfsg/res/res_format_attr_amr.c
Examining data/asterisk-16.15.0~dfsg/tests/test_abstract_jb.c
Examining data/asterisk-16.15.0~dfsg/tests/test_acl.c
Examining data/asterisk-16.15.0~dfsg/tests/test_amihooks.c
Examining data/asterisk-16.15.0~dfsg/tests/test_aoc.c
Examining data/asterisk-16.15.0~dfsg/tests/test_app.c
Examining data/asterisk-16.15.0~dfsg/tests/test_ari.c
Examining data/asterisk-16.15.0~dfsg/tests/test_ari_model.c
Examining data/asterisk-16.15.0~dfsg/tests/test_ast_format_str_reduce.c
Examining data/asterisk-16.15.0~dfsg/tests/test_astobj2.c
Examining data/asterisk-16.15.0~dfsg/tests/test_astobj2_thrash.c
Examining data/asterisk-16.15.0~dfsg/tests/test_astobj2_weaken.c
Examining data/asterisk-16.15.0~dfsg/tests/test_bridging.c
Examining data/asterisk-16.15.0~dfsg/tests/test_bucket.c
Examining data/asterisk-16.15.0~dfsg/tests/test_callerid.c
Examining data/asterisk-16.15.0~dfsg/tests/test_cdr.c
Examining data/asterisk-16.15.0~dfsg/tests/test_cel.c
Examining data/asterisk-16.15.0~dfsg/tests/test_channel.c
Examining data/asterisk-16.15.0~dfsg/tests/test_channel_feature_hooks.c
Examining data/asterisk-16.15.0~dfsg/tests/test_config.c
Examining data/asterisk-16.15.0~dfsg/tests/test_conversions.c
Examining data/asterisk-16.15.0~dfsg/tests/test_core_codec.c
Examining data/asterisk-16.15.0~dfsg/tests/test_core_format.c
Examining data/asterisk-16.15.0~dfsg/tests/test_data_buffer.c
Examining data/asterisk-16.15.0~dfsg/tests/test_db.c
Examining data/asterisk-16.15.0~dfsg/tests/test_devicestate.c
Examining data/asterisk-16.15.0~dfsg/tests/test_dlinklists.c
Examining data/asterisk-16.15.0~dfsg/tests/test_dns.c
Examining data/asterisk-16.15.0~dfsg/tests/test_dns_naptr.c
Examining data/asterisk-16.15.0~dfsg/tests/test_dns_query_set.c
Examining data/asterisk-16.15.0~dfsg/tests/test_dns_recurring.c
Examining data/asterisk-16.15.0~dfsg/tests/test_dns_srv.c
Examining data/asterisk-16.15.0~dfsg/tests/test_endpoints.c
Examining data/asterisk-16.15.0~dfsg/tests/test_event.c
Examining data/asterisk-16.15.0~dfsg/tests/test_expr.c
Examining data/asterisk-16.15.0~dfsg/tests/test_file.c
Examining data/asterisk-16.15.0~dfsg/tests/test_format_cache.c
Examining data/asterisk-16.15.0~dfsg/tests/test_format_cap.c
Examining data/asterisk-16.15.0~dfsg/tests/test_func_file.c
Examining data/asterisk-16.15.0~dfsg/tests/test_gosub.c
Examining data/asterisk-16.15.0~dfsg/tests/test_hashtab_thrash.c
Examining data/asterisk-16.15.0~dfsg/tests/test_heap.c
Examining data/asterisk-16.15.0~dfsg/tests/test_http_media_cache.c
Examining data/asterisk-16.15.0~dfsg/tests/test_jitterbuf.c
Examining data/asterisk-16.15.0~dfsg/tests/test_json.c
Examining data/asterisk-16.15.0~dfsg/tests/test_linkedlists.c
Examining data/asterisk-16.15.0~dfsg/tests/test_locale.c
Examining data/asterisk-16.15.0~dfsg/tests/test_logger.c
Examining data/asterisk-16.15.0~dfsg/tests/test_media_cache.c
Examining data/asterisk-16.15.0~dfsg/tests/test_message.c
Examining data/asterisk-16.15.0~dfsg/tests/test_named_lock.c
Examining data/asterisk-16.15.0~dfsg/tests/test_netsock2.c
Examining data/asterisk-16.15.0~dfsg/tests/test_optional_api.c
Examining data/asterisk-16.15.0~dfsg/tests/test_pbx.c
Examining data/asterisk-16.15.0~dfsg/tests/test_poll.c
Examining data/asterisk-16.15.0~dfsg/tests/test_res_pjsip_scheduler.c
Examining data/asterisk-16.15.0~dfsg/tests/test_res_rtp.c
Examining data/asterisk-16.15.0~dfsg/tests/test_res_stasis.c
Examining data/asterisk-16.15.0~dfsg/tests/test_sched.c
Examining data/asterisk-16.15.0~dfsg/tests/test_scope_trace.c
Examining data/asterisk-16.15.0~dfsg/tests/test_scoped_lock.c
Examining data/asterisk-16.15.0~dfsg/tests/test_security_events.c
Examining data/asterisk-16.15.0~dfsg/tests/test_skel.c
Examining data/asterisk-16.15.0~dfsg/tests/test_sorcery.c
Examining data/asterisk-16.15.0~dfsg/tests/test_sorcery_astdb.c
Examining data/asterisk-16.15.0~dfsg/tests/test_sorcery_memory_cache_thrash.c
Examining data/asterisk-16.15.0~dfsg/tests/test_sorcery_realtime.c
Examining data/asterisk-16.15.0~dfsg/tests/test_stasis.c
Examining data/asterisk-16.15.0~dfsg/tests/test_stasis_channels.c
Examining data/asterisk-16.15.0~dfsg/tests/test_stasis_endpoints.c
Examining data/asterisk-16.15.0~dfsg/tests/test_stream.c
Examining data/asterisk-16.15.0~dfsg/tests/test_stringfields.c
Examining data/asterisk-16.15.0~dfsg/tests/test_strings.c
Examining data/asterisk-16.15.0~dfsg/tests/test_substitution.c
Examining data/asterisk-16.15.0~dfsg/tests/test_taskprocessor.c
Examining data/asterisk-16.15.0~dfsg/tests/test_threadpool.c
Examining data/asterisk-16.15.0~dfsg/tests/test_time.c
Examining data/asterisk-16.15.0~dfsg/tests/test_uri.c
Examining data/asterisk-16.15.0~dfsg/tests/test_utils.c
Examining data/asterisk-16.15.0~dfsg/tests/test_uuid.c
Examining data/asterisk-16.15.0~dfsg/tests/test_vector.c
Examining data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c
Examining data/asterisk-16.15.0~dfsg/tests/test_websocket_client.c
Examining data/asterisk-16.15.0~dfsg/tests/test_xml_escape.c
Examining data/asterisk-16.15.0~dfsg/third-party/pjproject/patches/asterisk_malloc_debug.c
Examining data/asterisk-16.15.0~dfsg/third-party/pjproject/patches/asterisk_malloc_debug.h
Examining data/asterisk-16.15.0~dfsg/third-party/pjproject/patches/config_site.h
Examining data/asterisk-16.15.0~dfsg/utils/ael_main.c
Examining data/asterisk-16.15.0~dfsg/utils/astcanary.c
Examining data/asterisk-16.15.0~dfsg/utils/astdb2bdb.c
Examining data/asterisk-16.15.0~dfsg/utils/astdb2sqlite3.c
Examining data/asterisk-16.15.0~dfsg/utils/astman.c
Examining data/asterisk-16.15.0~dfsg/utils/check_expr.c
Examining data/asterisk-16.15.0~dfsg/utils/clicompat.c
Examining data/asterisk-16.15.0~dfsg/utils/conf2ael.c
Examining data/asterisk-16.15.0~dfsg/utils/conf_bridge_binaural_hrir_importer.c
Examining data/asterisk-16.15.0~dfsg/utils/conf_bridge_binaural_hrir_importer.h
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_close.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_conv.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_debug.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_delete.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_get.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_open.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_overflow.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_page.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_put.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_search.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_seq.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_split.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_utils.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/btree.h
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/extern.h
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/db/db.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/extern.h
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/hash.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/hash.h
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/hash_bigkey.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/hash_buf.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/hash_func.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/hash_log2.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/hash_page.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/hsearch.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/ndbm.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/page.h
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/search.h
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/include/circ-queue.h
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/include/compat.h
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/include/db.h
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/include/mpool.h
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/include/ndbm.h
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/mpool/mpool.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/recno/extern.h
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/recno/rec_close.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/recno/rec_delete.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/recno/rec_get.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/recno/rec_open.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/recno/rec_put.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/recno/rec_search.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/recno/rec_seq.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/recno/rec_utils.c
Examining data/asterisk-16.15.0~dfsg/utils/db1-ast/recno/recno.h
Examining data/asterisk-16.15.0~dfsg/utils/extconf.c
Examining data/asterisk-16.15.0~dfsg/utils/frame.c
Examining data/asterisk-16.15.0~dfsg/utils/frame.h
Examining data/asterisk-16.15.0~dfsg/utils/muted.c
Examining data/asterisk-16.15.0~dfsg/utils/smsq.c
Examining data/asterisk-16.15.0~dfsg/utils/stereorize.c
Examining data/asterisk-16.15.0~dfsg/utils/streamplayer.c

FINAL RESULTS:

data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2020:2:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	chmod(template, VOICEMAIL_FILE_MODE & ~my_umask);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6476:3:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
		chmod(tmptxtfile, VOICEMAIL_FILE_MODE & ~my_umask);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6634:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	if (chmod(desttxtfile, VOICEMAIL_FILE_MODE) < 0) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7015:3:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
		chmod(tmptxtfile, VOICEMAIL_FILE_MODE & ~my_umask);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7161:10:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
					if (chmod(txtfile, VOICEMAIL_FILE_MODE) < 0)
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8081:4:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
			strncat(textfile, ".txt", sizeof(textfile) - 1);
data/asterisk-16.15.0~dfsg/main/asterisk.c:1624:6:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
	if (chown(ast_config_AST_SOCKET, uid, gid) < 0)
data/asterisk-16.15.0~dfsg/main/asterisk.c:1632:8:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
		if ((chmod(ast_config_AST_SOCKET, p)) < 0)
data/asterisk-16.15.0~dfsg/main/asterisk.c:3781:25:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
		if (!rundir_exists && chown(ast_config_AST_RUN_DIR, -1, gr->gr_gid)) {
data/asterisk-16.15.0~dfsg/main/asterisk.c:3804:7:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
		if (chown(ast_config_AST_RUN_DIR, pw->pw_uid, -1)) {
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:437:7:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
		if (readlink(path, fullpath, sizeof(fullpath) - 1) != -1) {
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:625:6:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	if (readlink(path, watchdir, sizeof(watchdir) - 1) != -1 && (sp->fds = open(path, O_RDONLY | O_SYMLINK
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:643:6:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	if (readlink(path, watchdir, sizeof(watchdir) - 1) != -1) {
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:521:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	if (chmod(msg_path, VOICEMAIL_FILE_MODE) < 0) {
data/asterisk-16.15.0~dfsg/addons/app_mysql.c:308:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(var, "MYSQL_%s", args.variable);
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:565:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(entry->name, row[0]);
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:569:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(entry->cdrname, cdrvar);
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:576:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(entry->staticvalue, staticvalue);
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:582:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(entry->type, row[1]);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2862:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(gCallerID, DEFAULT_H323ID);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2877:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(gAccountcode, DEFAULT_H323ACCNT);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2881:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(gContext, DEFAULT_CONTEXT);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:3225:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(ip_port, "%s:%d", peer->ip, peer->port);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:94:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (tmpstr, errprm_p);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:164:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                  strcpy (&bufp[j], pErrInfo->parms[pcnt]);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:197:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   sprintf (lbuf, "%s\nStack trace:", errFmtMsg (&pctxt->errInfo, lbuf));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:198:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
   strcat(pBuf, lbuf);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:202:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (lbuf, "  Module: %s, Line %d\n",
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:205:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pBuf, lbuf);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:73:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   sprintf(call->callToken, "%s", callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:74:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   sprintf(call->callType, "%s", type);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:129:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(call->callingPartyNumber, gH323ep.callingPartyNumber);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:145:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(call->localIP, gH323ep.signallingIP);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:405:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
     strcpy(call->callingPartyNumber, number);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:427:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(buffer, call->callingPartyNumber);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:444:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
     strcpy(call->calledPartyNumber, number);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:461:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(buffer, call->calledPartyNumber);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:498:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(psNewAlias->value, value);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:73:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(pGkClient->localRASIP, szRasAddr);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:75:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(pGkClient->localRASIP, gH323ep.signallingIP);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:97:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(pGkClient->localRASIP, cur->addr);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:240:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(pGkClient->gkRasIP, szGkAddr);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:2005:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pCallAdmInfo->call->remoteIP, ip);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooLogChan.c:50:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(pNewChannel->dir, dir);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooLogChan.c:87:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(pNewChannel->localIP, call->localIP);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooLogChan.c:89:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(pNewChannel->localIP, pMediaInfo->lMediaIP);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooLogChan.c:103:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(pNewChannel->localIP, call->localIP);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:350:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(ip, host);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:494:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(remotehost, host);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:553:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(pIPAddrs, (inet_ntop(AF_INET6, &i,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:559:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			  	strcpy(pIPAddrs, (ast_inet_ntoa(i) == NULL) ? "127.0.0.1" : ast_inet_ntoa(i));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:705:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(ifReq.ifr_name, ifName->ifr_name);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:706:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(pName, ifName->ifr_name);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:735:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	 strcpy(addr, ast_inet_ntoa(sin.sin_addr));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:746:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(pIf->addr, addr);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:759:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	 strcpy(mask, ast_inet_ntoa(sin.sin_addr));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:771:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(pIf->mask, mask);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:43:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (callToken, aCallToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:87:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param1, dest);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:97:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param2, callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:157:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param1, dest);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:168:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param2, callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:231:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param1, callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:275:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param1, callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:317:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param1, callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:361:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param1, callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:363:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param2, dest);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:412:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param1, callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:484:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param1, callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:486:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param2, dtmf);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:532:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param1, callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:534:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param2, ani);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:590:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param1, callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:592:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param2, localIP);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:642:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy((char*)cmd.param1, callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh245.c:1968:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(pLogicalChannel->remoteIP, remoteip);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh245.c:2303:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(pMediaInfo->lMediaIP, lIP);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh245.c:3551:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(*(char**)&indication->u.userInput->u.alphanumeric, data);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh245.c:3614:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(*(char**)&indication->u.userInput->u.signal->signalType, data);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:436:22:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                     strcpy(call->callingPartyNumber, pAlias->value);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:466:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(call->calledPartyNumber, pAlias->value);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2382:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(*(char**)&pPrefixEntry->prefix.u.dialedDigits, pAlias->value);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2440:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
             strcpy(*(char**)&pAliasEntry->u.dialedDigits, pAlias->value);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2469:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(*(char**)&pAliasEntry->u.url_ID, pAlias->value);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2482:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(*(char**)&pAliasEntry->u.email_ID, pAlias->value);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2561:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(newAlias->value, pAliasAddress->u.dialedDigits);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2582:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(newAlias->value, pAliasAddress->u.url_ID);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2616:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(newAlias->value, pAliasAddress->u.email_ID);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:53:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(gH323ep.traceFile, tracefile);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:56:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(gH323ep.traceFile, DEFAULT_TRACEFILE);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:164:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(gH323ep.signallingIP, localip);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:195:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(psNewAlias->value, h323id);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:222:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(psNewAlias->value, dialedDigits);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:248:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(psNewAlias->value, url);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:274:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(psNewAlias->value, email);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:301:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(psNewAlias->value, ipaddress);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:490:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (pstr, productID);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:503:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (pstr, versionID);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:516:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (pstr, callerID);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:437:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (callToken, aCallToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1216:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pChannel->remoteIP, remoteMediaControlIP);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1236:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pChannel->remoteIP, remoteMediaIP);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2433:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(fwdedCall->remoteIP, call->pCallFwdData->ip);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2455:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(pNewAlias->value, alias->value);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2581:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(call->remoteIP, ip);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2590:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(callToken, call->callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2766:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(call->calledPartyNumber, pAlias->value);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3332:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(call->pCallFwdData->ip, ip);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3983:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(parsedIP, buf);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3995:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(parsedIP, ast_sockaddr_stringify_addr(&tmpaddr));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3997:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(parsedIP, ast_sockaddr_stringify_port(&tmpaddr));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:4054:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(psNewAlias->value, alias);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:4081:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(psNewAlias->value, alias);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:4117:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(psNewAlias->value, alias);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:4148:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(psNewAlias->value, alias);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ootrace.c:42:84:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void ooTrace(OOUINT32 traceLevel, const char * fmtspec, ...) __attribute__((format(printf, 2, 3)));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ootrace.c:50:4:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
   vsprintf(logMessage, fmtspec, arglist);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/printHandler.c:273:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat (&buffer[(i*2)+1], lbuf);
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:221:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(table->name, tablename); /* SAFE */
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:256:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(column->name, fname);
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:257:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(column->type, ftype);
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:258:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(column->dflt, fdflt);
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:938:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(last, row[0]);
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:1227:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(cur->unique_name, catg); /* SAFE */
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:569:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(signalling_type, "%s", ADEMCO_CONTACT_ID);
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:573:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(signalling_type, "%s", ADEMCO_EXPRESS_4_1);
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:578:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(signalling_type, "%s", ADEMCO_EXPRESS_4_2);
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:583:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(signalling_type, "%s", ADEMCO_HIGH_SPEED);
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:587:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(signalling_type, "%s", ADEMCO_SUPER_FAST);
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:634:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(signalling_type, "%s", UNKNOWN_FORMAT);
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:710:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(signalling_type, "%s", UNKNOWN_FORMAT);
data/asterisk-16.15.0~dfsg/apps/app_bridgewait.c:330:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(bridge_wrapper->name, bridge_name);
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:888:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(mailbox_id, "%s@%s", mailbox, context); /* Safe */
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:2121:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(aptd->filename, filename);
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:2428:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(atd->filename, filename);
data/asterisk-16.15.0~dfsg/apps/app_dahdiras.c:123:2:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	execv(PPP_EXEC, argv);
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1193:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(buf, sizeof(buf), "%" PRId64, duration / 1000);
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1197:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(buf, sizeof(buf), "%" PRId64, duration);
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2531:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(cur, tech);
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2534:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(cur, tech);
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2538:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(cur, number);
data/asterisk-16.15.0~dfsg/apps/app_directed_pickup.c:204:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(chkchan, channame);/* Safe */
data/asterisk-16.15.0~dfsg/apps/app_directory.c:293:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(mailbox_id, "%s@%s", ext, context); /* Safe */
data/asterisk-16.15.0~dfsg/apps/app_externalivr.c:387:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(entry->filename, filename);
data/asterisk-16.15.0~dfsg/apps/app_externalivr.c:564:4:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			execv(app_args[0], app_args);
data/asterisk-16.15.0~dfsg/apps/app_festival.c:373:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(&newfestivalcommand[j], "%s", args.text); /* we know it is big enough */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:542:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(copy, var->value); /* safe */
data/asterisk-16.15.0~dfsg/apps/app_ices.c:95:2:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	execl(path_LOCAL "ices2", "ices", filename, SENTINEL);
data/asterisk-16.15.0~dfsg/apps/app_ices.c:96:2:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	execl(path_BIN "ices2", "ices", filename, SENTINEL);
data/asterisk-16.15.0~dfsg/apps/app_ices.c:97:2:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	execlp("ices2", "ices", filename, SENTINEL);
data/asterisk-16.15.0~dfsg/apps/app_ices.c:101:2:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	execl(path_LOCAL "ices", "ices", filename, SENTINEL);
data/asterisk-16.15.0~dfsg/apps/app_ices.c:102:2:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	execl(path_BIN "ices", "ices", filename, SENTINEL);
data/asterisk-16.15.0~dfsg/apps/app_ices.c:103:2:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	execlp("ices", "ices", filename, SENTINEL);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2013:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(logbuf, sizeof(logbuf),
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2658:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(varname, var->value); /* safe */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2896:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(global_mailcmd, SENDMAIL);
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:1020:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(build, "%s/%s", ast_config_AST_MONITOR_DIR, filename);
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:103:6:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execl(LOCAL_MPG_123, "mpg123", "-q", "-s", "-b", buffer_size_str, "-f", "8192", "--mono", "-r", sampling_rate_str, "-@", filename, (char *)NULL);
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:105:6:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execl(MPG_123, "mpg123", "-q", "-s", "-b", buffer_size_str, "-f", "8192", "--mono", "-r", sampling_rate_str, "-@", filename, (char *)NULL);
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:107:6:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execlp("mpg123", "mpg123", "-q", "-s", "-b", buffer_size_str, "-f", "8192", "--mono", "-r", sampling_rate_str, "-@", filename, (char *)NULL);
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:113:6:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execl(LOCAL_MPG_123, "mpg123", "-q", "-s", "-b", buffer_size_str, "-f", "8192", "--mono", "-r", sampling_rate_str, filename, (char *)NULL);
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:115:6:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execl(MPG_123, "mpg123", "-q", "-s", "-b", buffer_size_str, "-f", "8192", "--mono", "-r", sampling_rate_str, filename, (char *)NULL);
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:117:6:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execlp("mpg123", "mpg123", "-q", "-s", "-b", buffer_size_str, "-f", "8192", "--mono", "-r", sampling_rate_str, filename, (char *)NULL);
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:121:6:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execl(LOCAL_MPG_123, "mpg123", "-q", "-z", "-s", "-f", "8192", "--mono", "-r", sampling_rate_str, "-@", filename, (char *)NULL);
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:123:6:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execl(MPG_123, "mpg123", "-q", "-z", "-s", "-f", "8192", "--mono", "-r", sampling_rate_str, "-@", filename, (char *)NULL);
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:125:6:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execlp("mpg123", "mpg123", "-q", "-z", "-s",  "-f", "8192", "--mono", "-r", sampling_rate_str, "-@", filename, (char *)NULL);
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:129:6:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execl(MPG_123, "mpg123", "-q", "-s", "-f", "8192", "--mono", "-r", sampling_rate_str, filename, (char *)NULL);
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:131:6:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execl(LOCAL_MPG_123, "mpg123", "-q", "-s", "-f", "8192", "--mono", "-r", sampling_rate_str, filename, (char *)NULL);
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:133:6:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execlp("mpg123", "mpg123", "-q", "-s", "-f", "8192", "--mono", "-r", sampling_rate_str, filename, (char *)NULL);
data/asterisk-16.15.0~dfsg/apps/app_nbscat.c:90:2:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	execl(NBSCAT, "nbscat8k", "-d", (char *)NULL);
data/asterisk-16.15.0~dfsg/apps/app_nbscat.c:91:2:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	execl(LOCAL_NBSCAT, "nbscat8k", "-d", (char *)NULL);
data/asterisk-16.15.0~dfsg/apps/app_playback.c:263:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(fn2, ast_skip_blanks(p+1));	/* make a full copy */
data/asterisk-16.15.0~dfsg/apps/app_playback.c:275:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(fn2, fn); /* copy everything */
data/asterisk-16.15.0~dfsg/apps/app_playback.c:278:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(fn2 + l, data);
data/asterisk-16.15.0~dfsg/apps/app_stack.c:289:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(local_buffer, "LOCAL(%s)", var);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1520:4:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			execv(arg.v[0], arg.v);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1895:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						sprintf(new, "%s", newpassword);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1898:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						sprintf(new, "%s%s", newpassword, value);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1939:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(new, "%s", newpassword);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2316:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(copy, attachment); /* safe */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5229:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(p, "Date: %s" ENDL, date);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5247:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
					fprintf(p, "%s %s" ENDL, first_line ? "From:" : "", ast_str_buffer(str2));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5252:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(p, "%s %s <%s>" ENDL, first_line ? "From:" : "", ast_str_buffer(str2), who);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5254:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(p, "From: %s <%s>" ENDL, ast_str_quote(&str2, 0, ast_str_buffer(str1)), who);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5261:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "From: Asterisk PBX <%s>" ENDL, who);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5274:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(p, " %s" ENDL, ast_str_buffer(str2));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5278:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(p, " %s <%s>%s" ENDL, ast_str_buffer(str2), email, next ? "," : "");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5280:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(p, " %s <%s>%s" ENDL, ast_str_quote(&str2, 0, vmu->fullname), email, next ? "," : "");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5286:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "Subject: New greeting '%s' on %s." ENDL, greeting_attachment, date);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5299:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
					fprintf(p, "%s %s" ENDL, first_line ? "Subject:" : "", ast_str_buffer(str2));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5304:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(p, "%s %s" ENDL, first_line ? "Subject:" : "", ast_str_buffer(str2));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5306:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(p, "Subject: %s" ENDL, ast_str_buffer(str1));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5314:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(p, "Subject: New message %d in mailbox %s" ENDL, msgnum + 1, mailbox);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5316:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(p, "Subject: New %s message %d in mailbox %s" ENDL, flag, msgnum + 1, mailbox);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5320:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(p, "Subject: [PBX]: New message %d in mailbox %s" ENDL, msgnum + 1, mailbox);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5322:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(p, "Subject: [PBX]: New %s message %d in mailbox %s" ENDL, flag, msgnum + 1, mailbox);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5326:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(p, "Message-ID: <Asterisk-%d-%u-%s-%d@%s>" ENDL, msgnum + 1,
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5330:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-VM-Message-Num: %d" ENDL, msgnum + 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5332:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-VM-Server-Name: %s" ENDL, fromstring);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5333:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-VM-Context: %s" ENDL, context);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5335:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-VM-Extension: %s" ENDL, (!ast_strlen_zero(vmu->imapvmshareid) ? vmu->imapvmshareid : mailbox));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5337:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-VM-Extension: %s" ENDL, mailbox);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5340:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-VM-Flag: %s" ENDL, S_OR(flag, ""));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5341:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-VM-Priority: %d" ENDL, chan ? ast_channel_priority(chan) : 0);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5342:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-VM-Caller-ID-Num: %s" ENDL, enc_cidnum);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5343:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-VM-Caller-ID-Name: %s" ENDL, enc_cidname);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5344:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-VM-Duration: %d" ENDL, duration);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5346:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(p, "X-Asterisk-VM-Category: %s" ENDL, category);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5348:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(p, "X-Asterisk-VM-Category: " ENDL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5350:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-VM-Message-Type: %s" ENDL, msgnum > -1 ? "Message" : greeting_attachment);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5351:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-VM-Orig-date: %s" ENDL, date);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5352:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-VM-Orig-time: %ld" ENDL, (long) time(NULL));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5353:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-VM-Message-ID: %s" ENDL, msg_id);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5356:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-CallerID: %s" ENDL, enc_cidnum);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5359:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "X-Asterisk-CallerIDName: %s" ENDL, enc_cidname);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5361:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(p, "MIME-Version: 1.0" ENDL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5367:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "Content-Type: multipart/mixed; boundary=\"%s\"" ENDL, bound);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5368:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, ENDL ENDL "This is a multi-part message in MIME format." ENDL ENDL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5369:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "--%s" ENDL, bound);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5371:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(p, "Content-Type: text/plain; charset=%s" ENDL "Content-Transfer-Encoding: 8bit" ENDL ENDL, charset);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5373:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "This message is to let you know that your greeting '%s' was changed on %s." ENDL
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5391:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
						fprintf(p, "%s" ENDL, line);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5396:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(p, "%s" ENDL, ast_str_buffer(str1));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5429:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(p, "Dear %s:" ENDL ENDL "\tJust wanted to let you know you were just forwarded"
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5441:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(p, "Dear %s:" ENDL ENDL "\tJust wanted to let you know you were just left a "
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5577:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(p, "--%s" ENDL, bound);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5579:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "Content-Type: %s%s; name=\"%s\"" ENDL, mime_type, format, filename);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5581:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "Content-Type: %s%s; name=\"%s.%s\"" ENDL, mime_type, format, greeting_attachment, format);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5582:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(p, "Content-Transfer-Encoding: base64" ENDL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5583:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(p, "Content-Description: Voicemail sound attachment." ENDL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5585:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "Content-Disposition: attachment; filename=\"%s\"" ENDL ENDL, filename);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5587:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "Content-Disposition: attachment; filename=\"%s.%s\"" ENDL ENDL, greeting_attachment, format);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5590:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, ENDL ENDL "--%s--" ENDL "." ENDL, bound);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5711:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
					fprintf(p, "%s %s" ENDL, first_line ? "From:" : "", ast_str_buffer(str2));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5716:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(p, "%s %s <%s>" ENDL, first_line ? "From:" : "", ast_str_buffer(str2), who);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5718:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(p, "From: %s <%s>" ENDL, ast_str_quote(&str2, 0, ast_str_buffer(str1)), who);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5725:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "From: Asterisk PBX <%s>" ENDL, who);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5734:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(p, "%s %s" ENDL, first_line ? "To:" : "", ast_str_buffer(str2));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5739:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "%s %s <%s>" ENDL, first_line ? "To:" : "", ast_str_buffer(str2), pager);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5741:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(p, "To: %s <%s>" ENDL, ast_str_quote(&str2, 0, vmu->fullname), pager);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5755:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
					fprintf(p, "%s %s" ENDL, first_line ? "Subject:" : "", ast_str_buffer(str2));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5760:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(p, "%s %s" ENDL, first_line ? "Subject:" : "", ast_str_buffer(str2));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5762:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(p, "Subject: %s" ENDL, ast_str_buffer(str1));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5781:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(p, "%s" ENDL, ast_str_buffer(str1));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8042:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(textfile, msgfile);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8043:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(backup, msgfile);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8044:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(backup_textfile, msgfile);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8080:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(textfile, msgfile);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8205:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(alias, mapping->alias); /* safe */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8433:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(old_context, ast_channel_context(chan)); /* safe */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8434:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(old_exten, ast_channel_exten(chan)); /* safe */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8651:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(textfile, msgfile);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8652:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(backup, msgfile);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8653:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(backup_textfile, msgfile);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8667:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(textfile, msgfile);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8668:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(backup_textfile, msgfile);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:9146:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(copy, attachment); /* safe */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:9349:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf, box);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:12876:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(mailbox_id, "%s@%s", mailbox, context);/* Safe */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13869:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(storage, var->value); /* safe */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13924:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(listen_control_forward_key, DEFAULT_LISTEN_CONTROL_FORWARD_KEY);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13925:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(listen_control_reverse_key, DEFAULT_LISTEN_CONTROL_REVERSE_KEY);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13926:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(listen_control_pause_key, DEFAULT_LISTEN_CONTROL_PAUSE_KEY);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13927:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(listen_control_restart_key, DEFAULT_LISTEN_CONTROL_RESTART_KEY);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13928:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(listen_control_stop_key, DEFAULT_LISTEN_CONTROL_STOP_KEY);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13984:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(mailcmd, SENDMAIL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15060:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(test_items[which].location, test_items[which].u.strval);
data/asterisk-16.15.0~dfsg/apps/confbridge/conf_config_parser.c:2644:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(user->menu_name, menu->name); /* Safe */
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:224:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(entry->cdrname, cdrvar);
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:225:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(entry->filtervalue, var->value);
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:269:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(entry->name, columnname);
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:273:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(entry->cdrname, cdrvar);
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:280:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(entry->staticvalue, staticvalue);
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:755:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cur->name, fname);
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:756:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cur->type, ftype);
data/asterisk-16.15.0~dfsg/cdr/cdr_sqlite3_custom.c:146:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(value->expression, v); /* SAFE */
data/asterisk-16.15.0~dfsg/cdr/cdr_tds.c:104:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 2, 3)));
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:210:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(entry->celname, celvar);
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:211:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(entry->filtervalue, var->value);
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:253:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(entry->name, columnname);
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:257:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(entry->celname, celvar);
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:264:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(entry->staticvalue, staticvalue);
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:642:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cur->name, fname);
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:643:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cur->type, ftype);
data/asterisk-16.15.0~dfsg/cel/cel_tds.c:108:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 2, 3)));
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:2736:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(new_chan->dialstring, old_chan->dialstring);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:3959:25:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format (printf, 3, 0)));
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:3965:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(logmsg, sizeof(logmsg), fmt, ap);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:3966:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(completemsg, sizeof(completemsg), CONTEXT_TAG "%s", logmsg);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:3972:25:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format (printf, 3, 0)));
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:3978:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(logmsg, sizeof(logmsg), fmt, ap);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:3979:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(completemsg, sizeof(completemsg), CHAN_TAG "%d - %s", openr2_chan_get_number(r2chan), logmsg);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:7774:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(p->echorest + (p->echotraining / 401) + 1, p->dop.dialstr + strlen(p->dop.dialstr) - 2);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17774:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(confp->chan.echocancel.params[confp->chan.echocancel.head.param_count].name, param.name);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18146:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(varname, v->value); /* safe */
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19100:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(copy, v->value); /* safe */
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:1208:35:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void __attribute__((format(printf, 1, 2))) jb_error_output(const char *fmt, ...)
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:1214:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf), fmt, args);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:1220:35:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void __attribute__((format(printf, 1, 2))) jb_warning_output(const char *fmt, ...)
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:1226:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf), fmt, args);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:1232:35:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void __attribute__((format(printf, 1, 2))) jb_debug_output(const char *fmt, ...)
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:1238:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf), fmt, args);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8783:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(reg->hostname, hostname); /* Note: This is safe */
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:676:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 3, 4)));
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5246:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy((char *) tmp->bc->fac_out.u.CallDeflection.Component.Invoke.Deflection.Party.Number, nr);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5262:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy((char *) tmp->bc->fac_out.u.CDeflection.DeflectedToNumber, nr);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5304:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy((char *) tmp->bc->fac_out.u.CallRerouteing.Component.Invoke.CalledAddress.Party.Number, nr);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12150:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(subcommand.name, misdn_commands[index].name);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12219:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy((char *) ch->bc->fac_out.u.CallDeflection.Component.Invoke.Deflection.Party.Number, args.arg[0]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12234:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy((char *) ch->bc->fac_out.u.CDeflection.DeflectedToNumber, args.arg[0]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12263:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy((char *) ch->bc->fac_out.u.CallRerouteing.Component.Invoke.CalledAddress.Party.Number, args.arg[0]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12792:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf), tmpl, ap);
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:1403:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			if (system(cmd) < 0) {
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:319:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(cid.name, DEFAULT_CALLER_ID);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3419:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 2, 3)));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3985:30:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static __attribute__((format(printf, 2, 0))) void append_history_va(struct sip_pvt *p, const char *fmt, va_list ap)
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3991:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf), fmt, ap);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10460:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(offer->decline_m_line, "m=audio 0 %s %s\r\n", protocol, codecs);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10570:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(offer->decline_m_line, "m=video 0 %s %s\r\n", protocol, codecs);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10649:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(offer->decline_m_line, "m=text 0 %s %s\r\n", protocol, codecs);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10754:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(offer->decline_m_line, "m=image 0 %s t38\r\n", protocol);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10773:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(offer->decline_m_line, "m=%s 0 %s\r\n", type, m + len);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11306:18:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (!o_copy || !sscanf(token, "%30" SCNd64, &sess_version)) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11852:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(supported_value, "replaces%s%s",
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12910:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pos, hdr_name);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12913:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pos, hdr_value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:24485:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(quoted_rest, "\"%s\"", rest);/* Safe */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:31650:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(mailbox->id, mbox); /* SAFE */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2084:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pte->macaddr, addrmac);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:3739:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buf, buf2);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:3941:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(d->id, pte->macaddr);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4180:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(tmpbuf, ast_inet_ntoa(pte->sin.sin_addr));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4242:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(pte->device->id, pte->device->extension_number);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4439:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(tmp, pte->macaddr);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4625:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmpbuf, ast_inet_ntoa(pte->sin.sin_addr));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4640:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmpbuf, ast_inet_ntoa(addr_from->sin_addr));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:5641:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(pte->device->softkeylabel[pos], label);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:5642:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(pte->device->softkeynumber[pos], number);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6811:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(d->maintext1, d->name);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6823:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(d->titledefault, tm.tm_zone);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6826:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(d->titledefault, tm.tm_zone);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:710:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(p->cid_num, cli_struct->cldn);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:711:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(p->cid_name, cli_struct->cn);
data/asterisk-16.15.0~dfsg/channels/console_video.c:306:2:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	system(in);
data/asterisk-16.15.0~dfsg/channels/console_video.c:412:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(name, supported_codecs[i]->name);
data/asterisk-16.15.0~dfsg/channels/iax2/codec_pref.c:231:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(cur, "%s%s", x ? "|" : "", name);
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:296:22:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		if (MISDN_IE_DEBG) printf(debug+(i*3), " %02hhx", (unsigned char)callid[i]);
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:342:22:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		if (MISDN_IE_DEBG) printf(debug+(i*3), " %02hhx", (unsigned char)callid[i]);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:33:26:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__ ((format (printf, 3, 4)));
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:179:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(buf, "* Port %2d Type %s Prot. %s L2Link %s L1Link:%s Blocked:%d",
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:524:6:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	int crypt;		/* Initialized, Not used */
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:724:26:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__ ((format (printf, 3, 4)));
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:731:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		__attribute__ ((format (printf, 3, 4)));
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_msg_parser.c:1311:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(bc->redirecting.to.number, number);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_msg_parser.c:1492:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(bc->redirecting.to.number, number);
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:794:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(ports, tmp);
data/asterisk-16.15.0~dfsg/channels/pjsip/dialplan_functions.c:1297:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(buf + accum, ast_format_get_name(fmt));/* Safe */
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1222:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(p->echorest + (p->echotraining / 400) + 1, p->dop.dialstr + strlen(p->dop.dialstr) - 2);
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:2983:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(p->echorest + (p->echotraining / 401) + 1, p->dop.dialstr + strlen(p->dop.dialstr) - 2);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:1715:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(new_chan->keypad_digits, old_chan->keypad_digits);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:1717:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(new_chan->deferred_digits, old_chan->deferred_digits);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:1718:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(new_chan->moh_suggested, old_chan->moh_suggested);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:1730:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(new_chan->user_tag, old_chan->user_tag);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:1742:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(new_chan->context, old_chan->context);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:1743:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(new_chan->mohinterpret, old_chan->mohinterpret);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:2934:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(monitor_instance->name, device_name);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:9386:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(line, sizeof(line), SIG_PRI_SC_LINE,
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:3340:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(line, sizeof(line), SIG_SS7_SC_LINE,
data/asterisk-16.15.0~dfsg/channels/sip/reqresp_parser.c:1296:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(orig_uri, buf);
data/asterisk-16.15.0~dfsg/contrib/utils/zones2indications.c:109:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr,
data/asterisk-16.15.0~dfsg/funcs/func_channel.c:690:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(buf, ast_channel_name(c));
data/asterisk-16.15.0~dfsg/funcs/func_channel.c:726:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(template, "${%s}", data); /* SAFE */
data/asterisk-16.15.0~dfsg/funcs/func_config.c:143:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(cur->filename, args.filename);
data/asterisk-16.15.0~dfsg/funcs/func_config.c:172:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(cur->filename, args.filename);
data/asterisk-16.15.0~dfsg/funcs/func_curl.c:386:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(new->value, value);
data/asterisk-16.15.0~dfsg/funcs/func_env.c:506:3:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
		sscanf(args.offset, "%" SCNd64, &offset);
data/asterisk-16.15.0~dfsg/funcs/func_env.c:509:3:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
		sscanf(args.length, "%" SCNd64, &length);
data/asterisk-16.15.0~dfsg/funcs/func_env.c:763:3:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
		sscanf(args.offset, "%" SCNd64, &offset);
data/asterisk-16.15.0~dfsg/funcs/func_env.c:766:3:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
		sscanf(args.length, "%" SCNd64, &length);
data/asterisk-16.15.0~dfsg/funcs/func_global.c:168:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(prefix, "%s-", args.chan);
data/asterisk-16.15.0~dfsg/funcs/func_global.c:231:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(prefix, "%s-", args.chan);
data/asterisk-16.15.0~dfsg/funcs/func_global.c:292:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(shared_buffer, "SHARED(%s)", args.var);
data/asterisk-16.15.0~dfsg/funcs/func_lock.c:279:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(current->name, lockname); /* SAFE */
data/asterisk-16.15.0~dfsg/funcs/func_logic.c:119:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf, data && *data ? "0" : "1");
data/asterisk-16.15.0~dfsg/funcs/func_logic.c:127:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf, data && *data ? "1" : "0");
data/asterisk-16.15.0~dfsg/funcs/func_logic.c:252:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(s, "${%s}", args.varname);
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:239:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dsn->name, name);
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:956:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy((char *)resultset + sizeof(*resultset), ast_str_buffer(colnames));
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:1010:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy((char *)row + sizeof(*row), buf);
data/asterisk-16.15.0~dfsg/funcs/func_shell.c:58:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		ptr = popen(data, "r");
data/asterisk-16.15.0~dfsg/funcs/func_sprintf.c:138:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				snprintf(bufptr, buf + len - bufptr, formatbuf, tmpi);
data/asterisk-16.15.0~dfsg/funcs/func_sprintf.c:161:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				snprintf(bufptr, buf + len - bufptr, formatbuf, tmpd);
data/asterisk-16.15.0~dfsg/funcs/func_sprintf.c:173:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				snprintf(bufptr, buf + len - bufptr, formatbuf, arg.var[argcount++]);
data/asterisk-16.15.0~dfsg/funcs/func_srv.c:113:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(srds->id, service);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:463:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(varsubst, "${%s}", args.varname);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:528:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(varsubst, "${%s}", args.varname);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:612:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(varsubst, "${%s}", args.listname);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:824:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(varsubst, "${%s}", args.varname);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:910:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(varsubstr, "${%s}", args.varname);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:978:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf, regexec(&regexbuf, args.str, 0, NULL, 0) ? "0" : "1");
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1012:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(prefix, sizeof(prefix), HASH_PREFIX, data ? (char *)data : "null");
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1065:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
						snprintf(varname, sizeof(varname), "__" HASH_FORMAT, origvar + 2, arg1.var[i]);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1067:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
						snprintf(varname, sizeof(varname), "_" HASH_FORMAT, origvar + 1, arg1.var[i]);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1070:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
					snprintf(varname, sizeof(varname), HASH_FORMAT, origvar, arg1.var[i]);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1081:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				snprintf(varname, sizeof(varname), HASH_FORMAT, origvar, arg1.var[i]);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1190:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(varname, sizeof(varname), "__" HASH_FORMAT, arg.hashname + 2, arg.hashkey);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1192:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(varname, sizeof(varname), "_" HASH_FORMAT, arg.hashname + 1, arg.hashkey);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1195:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(varname, sizeof(varname), HASH_FORMAT, arg.hashname, arg.hashkey);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1213:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(varname, sizeof(varname), HASH_FORMAT, arg.hashname, arg.hashkey);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1240:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(varname, sizeof(varname), HASH_FORMAT, arg.hashname, arg2.col[i]);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1592:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(varsubst, "${%s}", args.var);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1664:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(varsubst, "${%s}", stripped_var);
data/asterisk-16.15.0~dfsg/include/asterisk/agi.h:140:35:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
AST_OPTIONAL_API_ATTR(int, format(printf, 3, 4), ast_agi_send,
data/asterisk-16.15.0~dfsg/include/asterisk/ari.h:234:23:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 4, 5)));
data/asterisk-16.15.0~dfsg/include/asterisk/astmm.h:55:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 5, 6)));
data/asterisk-16.15.0~dfsg/include/asterisk/astmm.h:57:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 2, 0)));
data/asterisk-16.15.0~dfsg/include/asterisk/astmm.h:67:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 5, 6)));
data/asterisk-16.15.0~dfsg/include/asterisk/astmm.h:69:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 2, 0)));
data/asterisk-16.15.0~dfsg/include/asterisk/astobj2.h:1476:85:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
typedef void (ao2_prnt_fn)(void *where, const char *fmt, ...) __attribute__((format(printf, 2, 3)));
data/asterisk-16.15.0~dfsg/include/asterisk/ccss.h:1129:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3))) ast_cc_agent_accept_request(int core_id, const char * const debug, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/ccss.h:1144:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3))) ast_cc_monitor_request_acked(int core_id, const char * const debug, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/ccss.h:1163:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3))) ast_cc_agent_caller_busy(int core_id, const char * const debug, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/ccss.h:1178:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3))) ast_cc_agent_caller_available(int core_id, const char * const debug, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/ccss.h:1194:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3))) ast_cc_agent_recalling(int core_id, const char * const debug, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/ccss.h:1209:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3))) ast_cc_completed(struct ast_channel *chan, const char * const debug, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/ccss.h:1224:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3))) ast_cc_failed(int core_id, const char * const debug, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/ccss.h:1247:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 3, 4))) ast_cc_monitor_failed(int core_id, const char * const monitor_name, const char * const debug, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/ccss.h:1373:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3))) ast_cc_monitor_callee_available(const int core_id, const char * const debug, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/channel.h:1213:44:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
struct ast_channel * __attribute__((format(printf, 15, 16)))
data/asterisk-16.15.0~dfsg/include/asterisk/channel.h:4131:115:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	void ast_channel_##field##_build_va(struct ast_channel *chan, const char *fmt, va_list ap) __attribute__((format(printf, 2, 0))); \
data/asterisk-16.15.0~dfsg/include/asterisk/channel.h:4132:105:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	void ast_channel_##field##_build(struct ast_channel *chan, const char *fmt, ...) __attribute__((format(printf, 2, 3)))
data/asterisk-16.15.0~dfsg/include/asterisk/cli.h:34:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 2, 3)));
data/asterisk-16.15.0~dfsg/include/asterisk/compat.h:68:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3))) asprintf(char **str, const char *fmt, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/compat.h:120:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 0))) vasprintf(char **strp, const char *fmt, va_list ap);
data/asterisk-16.15.0~dfsg/include/asterisk/devicestate.h:150:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 3, 4)));
data/asterisk-16.15.0~dfsg/include/asterisk/iostream.h:232:31:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
ssize_t __attribute__((format(printf, 2, 3))) ast_iostream_printf(
data/asterisk-16.15.0~dfsg/include/asterisk/json.h:343:82:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
struct ast_json *ast_json_stringf(const char *format, ...) __attribute__((format(printf, 1, 2)));
data/asterisk-16.15.0~dfsg/include/asterisk/json.h:355:92:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
struct ast_json *ast_json_vstringf(const char *format, va_list args) __attribute__((format(printf, 1, 0)));
data/asterisk-16.15.0~dfsg/include/asterisk/logger.h:70:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 5, 6)));
data/asterisk-16.15.0~dfsg/include/asterisk/logger.h:73:25:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	 __attribute__((format(printf, 5, 0)));
data/asterisk-16.15.0~dfsg/include/asterisk/logger.h:84:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 5, 6)));
data/asterisk-16.15.0~dfsg/include/asterisk/logger.h:102:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 6, 7)));
data/asterisk-16.15.0~dfsg/include/asterisk/logger.h:149:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void __attribute__((format(printf, 5, 6))) ast_queue_log(const char *queuename, const char *callid, const char *agent, const char *event, const char *fmt, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/logger.h:165:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void __attribute__((format(printf, 5, 6))) __ast_verbose(const char *file, int line, const char *func, int level, const char *fmt, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/logger.h:175:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void __attribute__((format(printf, 6, 7))) __ast_verbose_callid(const char *file, int line, const char *func, int level, ast_callid callid, const char *fmt, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/logger.h:180:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void __attribute__((format(printf, 6, 0))) __ast_verbose_ap(const char *file, int line, const char *func, int level, ast_callid callid, const char *fmt, va_list ap);
data/asterisk-16.15.0~dfsg/include/asterisk/logger.h:182:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void __attribute__((format(printf, 2, 3))) ast_child_verbose(int level, const char *fmt, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/logger.h:652:29:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void __attribute__((format (printf, 6, 7))) __ast_trace(const char *file, int line, const char *func,
data/asterisk-16.15.0~dfsg/include/asterisk/manager.h:270:52:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		const char *contents, ...) __attribute__((format(printf, 8, 9)));
data/asterisk-16.15.0~dfsg/include/asterisk/manager.h:294:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void __attribute__((format(printf, 3, 4))) astman_send_error_va(struct mansession *s, const struct message *m, const char *fmt, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/manager.h:354:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void __attribute__((format(printf, 2, 3))) astman_append(struct mansession *s, const char *fmt, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/manager.h:514:23:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)))
data/asterisk-16.15.0~dfsg/include/asterisk/message.h:186:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3)))
data/asterisk-16.15.0~dfsg/include/asterisk/message.h:195:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3)))
data/asterisk-16.15.0~dfsg/include/asterisk/message.h:204:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3)))
data/asterisk-16.15.0~dfsg/include/asterisk/message.h:213:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3)))
data/asterisk-16.15.0~dfsg/include/asterisk/message.h:222:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3)))
data/asterisk-16.15.0~dfsg/include/asterisk/message.h:233:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3)))
data/asterisk-16.15.0~dfsg/include/asterisk/message.h:244:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 2, 3)))
data/asterisk-16.15.0~dfsg/include/asterisk/presencestate.h:109:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 4, 5)));
data/asterisk-16.15.0~dfsg/include/asterisk/res_pjproject.h:51:94:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
int ast_pjproject_get_buildopt(char *option, char *format_string, ...) __attribute__((format(scanf, 2, 3)));
data/asterisk-16.15.0~dfsg/include/asterisk/statsd.h:82:36:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
AST_OPTIONAL_API_ATTR(void, format(printf, 1, 5), ast_statsd_log_string_va,
data/asterisk-16.15.0~dfsg/include/asterisk/statsd.h:120:36:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
AST_OPTIONAL_API_ATTR(void, format(printf, 1, 5), ast_statsd_log_full_va,
data/asterisk-16.15.0~dfsg/include/asterisk/stringfields.h:278:72:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	ast_string_field *ptr, const char *format, ...) __attribute__((format(printf, 7, 8)));
data/asterisk-16.15.0~dfsg/include/asterisk/stringfields.h:293:72:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	const char *file, int lineno, const char *func) __attribute__((format(printf, 4, 0)));
data/asterisk-16.15.0~dfsg/include/asterisk/strings.h:417:96:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int ast_build_string(char **buffer, size_t *space, const char *fmt, ...) __attribute__((format(printf, 3, 4)));
data/asterisk-16.15.0~dfsg/include/asterisk/strings.h:431:106:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int ast_build_string_va(char **buffer, size_t *space, const char *fmt, va_list ap) __attribute__((format(printf, 3, 0)));
data/asterisk-16.15.0~dfsg/include/asterisk/strings.h:925:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 4, 0))) __ast_str_helper(struct ast_str **buf,
data/asterisk-16.15.0~dfsg/include/asterisk/strings.h:978:42:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
AST_INLINE_API(int __attribute__((format(printf, 3, 0))) ast_str_set_va(struct ast_str **buf, ssize_t max_len, const char *fmt, va_list ap),
data/asterisk-16.15.0~dfsg/include/asterisk/strings.h:996:42:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
AST_INLINE_API(int __attribute__((format(printf, 3, 0))) ast_str_append_va(struct ast_str **buf, ssize_t max_len, const char *fmt, va_list ap),
data/asterisk-16.15.0~dfsg/include/asterisk/strings.h:1053:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 3, 4))) ast_str_set(
data/asterisk-16.15.0~dfsg/include/asterisk/strings.h:1079:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf, 3, 4))) ast_str_append(
data/asterisk-16.15.0~dfsg/include/asterisk/taskprocessor.h:330:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void __attribute__((format(printf, 3, 4))) ast_taskprocessor_build_name(char *buf, unsigned int size, const char *format, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/test.h:186:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 5, 6)));
data/asterisk-16.15.0~dfsg/include/asterisk/test.h:355:88:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void ast_test_debug(struct ast_test *test, const char *fmt, ...) __attribute__((format(printf, 2, 3)));
data/asterisk-16.15.0~dfsg/include/asterisk/test.h:377:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 5, 6)));
data/asterisk-16.15.0~dfsg/include/asterisk/udptl.h:66:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void __attribute__((format(printf, 2, 3))) ast_udptl_set_tag(struct ast_udptl *udptl, const char *format, ...);
data/asterisk-16.15.0~dfsg/include/asterisk/xmldoc.h:91:53:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
struct ast_xml_xpath_results *__attribute__((format(printf, 1, 2))) ast_xmldoc_query(const char *fmt, ...);
data/asterisk-16.15.0~dfsg/include/jitterbuf.h:166:36:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
typedef void __attribute__((format(printf, 1, 2))) (*jb_output_function_t)(const char *fmt, ...);
data/asterisk-16.15.0~dfsg/main/abstract_jb.c:132:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(jb->logfile, __VA_ARGS__); \
data/asterisk-16.15.0~dfsg/main/acl.c:1093:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(addr, ast_sockaddr_stringify_addr(&ha->addr));
data/asterisk-16.15.0~dfsg/main/aoc.c:1463:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(prefix, rate_str);
data/asterisk-16.15.0~dfsg/main/aoc.c:1483:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(prefix, rate_str);
data/asterisk-16.15.0~dfsg/main/aoc.c:1492:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(prefix, rate_str);
data/asterisk-16.15.0~dfsg/main/app.c:1098:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(breaks, stop);
data/asterisk-16.15.0~dfsg/main/app.c:1101:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(breaks, suspend);
data/asterisk-16.15.0~dfsg/main/app.c:1104:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(breaks, restart);
data/asterisk-16.15.0~dfsg/main/app.c:1991:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(gi->group, group);
data/asterisk-16.15.0~dfsg/main/app.c:1994:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(gi->category, category);
data/asterisk-16.15.0~dfsg/main/app.c:3051:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	res = sscanf(timestr, FMT, &amount, u);
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:322:121:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void ast_log(int level, const char *file, int line, const char *function, const char *fmt, ...) __attribute__ ((format (printf,5,6)));
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:1048:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2675:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vprintf(fmt, vars);
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2689:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if( access(argv[1],F_OK)== 0 )
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2778:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
				sprintf(numbuf,FP___PRINTF,t->val->u.i);
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2779:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(argbuf,numbuf);
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2781:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(argbuf,t->val->u.s);
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3127:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(buffer,"Converting '%s' and '%s' ", a->u.s, b->u.s);
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3675:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(vs,a->u.s);
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3676:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(vs,b->u.s);
data/asterisk-16.15.0~dfsg/main/ast_expr2f.c:2427:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			res_length = snprintf(buf, length, FP___PRINTF, io.val->u.i);
data/asterisk-16.15.0~dfsg/main/ast_expr2f.c:2480:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
       strcpy(extra_error_message, message);
data/asterisk-16.15.0~dfsg/main/asterisk.c:1182:3:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		execvp(file, argv);
data/asterisk-16.15.0~dfsg/main/asterisk.c:1195:3:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		execl("/bin/sh", "/bin/sh", "-c", s, (char *) NULL);
data/asterisk-16.15.0~dfsg/main/asterisk.c:1683:3:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		execvp(_argv[0], _argv);
data/asterisk-16.15.0~dfsg/main/asterisk.c:2086:4:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			execvp(_argv[0], _argv);
data/asterisk-16.15.0~dfsg/main/asterisk.c:3169:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(tmp, "%s%s", prefix, data);
data/asterisk-16.15.0~dfsg/main/asterisk.c:4008:4:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			execl(canary_binary, "astcanary", canary_filename, ppid, (char *)NULL);
data/asterisk-16.15.0~dfsg/main/astfd.c:88:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(tmp->callargs, sizeof(tmp->callargs), __VA_ARGS__); \
data/asterisk-16.15.0~dfsg/main/astmm.c:184:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, __VA_ARGS__);        \
data/asterisk-16.15.0~dfsg/main/astmm.c:186:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(mmlog, __VA_ARGS__); \
data/asterisk-16.15.0~dfsg/main/astmm.c:617:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(ptr, s);
data/asterisk-16.15.0~dfsg/main/astmm.c:646:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	size = vsnprintf(&s, 1, fmt, ap2);
data/asterisk-16.15.0~dfsg/main/astmm.c:654:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(ptr, size + 1, fmt, ap);
data/asterisk-16.15.0~dfsg/main/astmm.c:669:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	size = vsnprintf(&s, 1, fmt, ap2);
data/asterisk-16.15.0~dfsg/main/astmm.c:676:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(ptr, size + 1, fmt, ap);
data/asterisk-16.15.0~dfsg/main/astobj2_container.c:974:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(reg->name, name);/* safe */
data/asterisk-16.15.0~dfsg/main/astobj2_container.c:1036:81:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void cli_output(void *where, const char *fmt, ...) __attribute__((format(printf, 2, 3)));
data/asterisk-16.15.0~dfsg/main/backtrace.c:166:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(data->msg, MSG_BUFF_LEN, inlined ? FMT_INLINED : FMT_NOT_INLINED,
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:505:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(run_data->app_name, pvt->app_name);/* Safe */
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:507:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(&run_data->app_name[run_data->app_args_offset],
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:511:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(&run_data->app_name[run_data->moh_offset],
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:514:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(&run_data->app_name[run_data->feature_offset],
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:516:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(&run_data->app_name[run_data->activated_offset], activated_name);/* Safe */
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:563:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(hook_data->app_name, app_name);/* Safe */
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:565:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(&hook_data->app_name[hook_data->app_args_offset], app_args);/* Safe */
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:568:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(&hook_data->app_name[hook_data->moh_offset], moh_class);/* Safe */
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:570:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(&hook_data->app_name[hook_data->feature_offset], feature_name);/* Safe */
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1294:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(app_data->app_name, app_name);/* Safe */
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1296:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(&app_data->app_name[app_data->app_args_offset], app_args);/* Safe */
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1299:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(&app_data->app_name[app_data->moh_offset], moh_class);/* Safe */
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1386:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(payload->playfile, playfile);/* Safe */
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1388:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(&payload->playfile[payload->moh_offset], moh_class);/* Safe */
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1542:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(payload->parkee_uuid, parkee_uuid);
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1543:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(&payload->parkee_uuid[payload->parker_uuid_offset], parker_uuid);
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1545:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(&payload->parkee_uuid[payload->app_data_offset], app_data);
data/asterisk-16.15.0~dfsg/main/bucket.c:299:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(scheme->name, name);
data/asterisk-16.15.0~dfsg/main/bucket.c:326:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	metadata->name = strcpy(dst, name);
data/asterisk-16.15.0~dfsg/main/bucket.c:328:20:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	metadata->value = strcpy(dst, value);
data/asterisk-16.15.0~dfsg/main/bucket.c:780:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dst_file->path, src_file->path); /* safe */
data/asterisk-16.15.0~dfsg/main/callerid.c:1039:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(instr, tmp); /* safe, because tmp will always be the same size or smaller than instr */
data/asterisk-16.15.0~dfsg/main/ccss.c:358:34:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static int __attribute__((format(printf, 3, 0))) cc_request_state_change(enum cc_state state, const int core_id, const char *debug, va_list ap);
data/asterisk-16.15.0~dfsg/main/ccss.c:2116:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cc_interface->device_name, ast_str_buffer(str));
data/asterisk-16.15.0~dfsg/main/ccss.c:2284:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cc_interface->device_name, device_name);
data/asterisk-16.15.0~dfsg/main/ccss.c:2567:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(agent->device_name, caller_name);
data/asterisk-16.15.0~dfsg/main/ccss.c:3343:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	debuglen = vsnprintf(dummy, sizeof(dummy), debug, aq) + 1;
data/asterisk-16.15.0~dfsg/main/ccss.c:3361:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(args->debug, debuglen, debug, ap);
data/asterisk-16.15.0~dfsg/main/ccss.c:3740:30:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static __attribute__((format(printf, 2, 3))) int cc_offer(const int core_id, const char * const debug, ...)
data/asterisk-16.15.0~dfsg/main/cdr.c:802:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dst->userfield, src->userfield);
data/asterisk-16.15.0~dfsg/main/cdr.c:3704:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(new_cdr->party_b.userfield, cdr_obj->party_b.userfield);
data/asterisk-16.15.0~dfsg/main/cel.c:771:30:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	ast_channel_appl_set(tchan, strcpy(app_data, record.application_name));
data/asterisk-16.15.0~dfsg/main/cel.c:772:30:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	ast_channel_data_set(tchan, strcpy(app_data + strlen(record.application_name) + 1,
data/asterisk-16.15.0~dfsg/main/cel.c:808:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(lid->id, linkedid);/* Safe */
data/asterisk-16.15.0~dfsg/main/cel.c:1766:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(backend->name, name);/* Safe */
data/asterisk-16.15.0~dfsg/main/channel.c:772:50:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static struct ast_channel *__attribute__((format(printf, 15, 0)))
data/asterisk-16.15.0~dfsg/main/channel.c:5595:34:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	const struct set_format_access *access;
data/asterisk-16.15.0~dfsg/main/channel.c:7679:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(member->name, piece);/* Safe */
data/asterisk-16.15.0~dfsg/main/channel.c:7844:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(mcv->name, var); /* SAFE */
data/asterisk-16.15.0~dfsg/main/cli.c:537:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(ml->module, mod);
data/asterisk-16.15.0~dfsg/main/cli.c:1435:12:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				len += sprintf( buf + len, "%s ", matches[x]);
data/asterisk-16.15.0~dfsg/main/config.c:160:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(x->cmt, ast_str_buffer(buffer)); /* SAFE */
data/asterisk-16.15.0~dfsg/main/config.c:306:20:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		variable->file = strcpy(dst, filename);
data/asterisk-16.15.0~dfsg/main/config.c:308:20:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		variable->name = strcpy(dst, name);
data/asterisk-16.15.0~dfsg/main/config.c:310:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		variable->value = strcpy(dst, value);
data/asterisk-16.15.0~dfsg/main/config.c:409:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(incl->include_location_file, to_file);
data/asterisk-16.15.0~dfsg/main/config.c:427:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cat->file, to_file);
data/asterisk-16.15.0~dfsg/main/config.c:450:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(str, to_file);/* SAFE */
data/asterisk-16.15.0~dfsg/main/config.c:1376:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(x->name, base->name);
data/asterisk-16.15.0~dfsg/main/config.c:1573:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dst, filename); /* Safe */
data/asterisk-16.15.0~dfsg/main/config.c:1575:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	cfmtime->who_asked = strcpy(dst, who_asked); /* Safe */
data/asterisk-16.15.0~dfsg/main/config.c:1724:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(cfinclude->include, filename); /* Safe */
data/asterisk-16.15.0~dfsg/main/config.c:2538:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(fn, F_OK)) {
data/asterisk-16.15.0~dfsg/main/config.c:2541:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (access(dn, R_OK | W_OK)) {
data/asterisk-16.15.0~dfsg/main/config.c:2546:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (access(fn, R_OK | W_OK)) {
data/asterisk-16.15.0~dfsg/main/config.c:2888:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	map->name = strcpy(dst, name);
data/asterisk-16.15.0~dfsg/main/config.c:2890:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	map->driver = strcpy(dst, driver);
data/asterisk-16.15.0~dfsg/main/config.c:2892:18:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	map->database = strcpy(dst, database);
data/asterisk-16.15.0~dfsg/main/config.c:2895:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		map->table = strcpy(dst, table);
data/asterisk-16.15.0~dfsg/main/config.c:4009:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buf, "module reload %s", cfmtime->who_asked);
data/asterisk-16.15.0~dfsg/main/core_unreal.c:1092:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(uniqueid2, id1.uniqueid);/* Safe */
data/asterisk-16.15.0~dfsg/main/crypt.c:124:24:  [4] (crypto) crypt_r:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	const char *crypted = crypt_r(key, salt, &data);
data/asterisk-16.15.0~dfsg/main/crypt.c:139:26:  [4] (crypto) crypt_r:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	return strcmp(expected, crypt_r(key, expected, &data)) == 0;
data/asterisk-16.15.0~dfsg/main/crypt.c:154:12:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	crypted = crypt(key, salt);
data/asterisk-16.15.0~dfsg/main/crypt.c:169:26:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	return strcmp(expected, crypt(key, expected)) == 0;
data/asterisk-16.15.0~dfsg/main/db.c:247:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dbname, ast_config_AST_DB);
data/asterisk-16.15.0~dfsg/main/devicestate.c:499:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(change->device, device);
data/asterisk-16.15.0~dfsg/main/devicestate.c:516:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf), fmt, ap);
data/asterisk-16.15.0~dfsg/main/devicestate.c:574:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pos, device);/* Safe */
data/asterisk-16.15.0~dfsg/main/dns_core.c:231:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(query->name, name); /* SAFE */
data/asterisk-16.15.0~dfsg/main/dns_core.c:491:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf_ptr, canonical); /* SAFE */
data/asterisk-16.15.0~dfsg/main/dns_naptr.c:514:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ptr, replacement);
data/asterisk-16.15.0~dfsg/main/dns_recurring.c:127:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(recurring->name, name); /* SAFE */
data/asterisk-16.15.0~dfsg/main/dnsmgr.c:117:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(entry->name, name);
data/asterisk-16.15.0~dfsg/main/dnsmgr.c:120:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(entry->service, service);
data/asterisk-16.15.0~dfsg/main/enum.c:227:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(p1, suffix);
data/asterisk-16.15.0~dfsg/main/enum.c:356:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(p1, suffix);
data/asterisk-16.15.0~dfsg/main/event.c:354:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(str_payload->str, str);
data/asterisk-16.15.0~dfsg/main/file.c:408:4:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			execl("/bin/mv", "mv", "-f", f->filename, f->realfilename, SENTINEL);
data/asterisk-16.15.0~dfsg/main/file.c:533:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(storage, f->exts); /* safe - this is in the stack so does not need to be freed */
data/asterisk-16.15.0~dfsg/main/file.c:674:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(buf, filename);	/* first copy the full string */
data/asterisk-16.15.0~dfsg/main/file.c:1161:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(full_path, "%s/%s", path, entry->d_name);
data/asterisk-16.15.0~dfsg/main/file.c:1199:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(full_path, "%s/%s", path, entry->d_name);
data/asterisk-16.15.0~dfsg/main/file.c:1427:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(buf, record_cache_dir);
data/asterisk-16.15.0~dfsg/main/file.c:1429:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(buf, fn);
data/asterisk-16.15.0~dfsg/main/format.c:113:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(format_interface->codec, codec); /* Safe */
data/asterisk-16.15.0~dfsg/main/frame.c:374:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(src, f->src);
data/asterisk-16.15.0~dfsg/main/http.c:298:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%s/static-http/%s", ast_config_AST_DATA_DIR, uri);
data/asterisk-16.15.0~dfsg/main/http.c:1567:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(auth->userid, userid);
data/asterisk-16.15.0~dfsg/main/http.c:1571:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(auth->password, password);
data/asterisk-16.15.0~dfsg/main/http.c:1684:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(res, buf);
data/asterisk-16.15.0~dfsg/main/http.c:2049:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(redirect->target, target);
data/asterisk-16.15.0~dfsg/main/iostream.c:498:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	len = vsnprintf(buf, sizeof(sbuf), format, va);
data/asterisk-16.15.0~dfsg/main/iostream.c:510:10:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		len2 = vsnprintf(buf, buf_len, format, va);
data/asterisk-16.15.0~dfsg/main/loader.c:178:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(new_entry->name, name); /* SAFE */
data/asterisk-16.15.0~dfsg/main/loader.c:267:30:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static __attribute__((format(printf, 1, 2))) void module_load_error(const char *fmt, ...)
data/asterisk-16.15.0~dfsg/main/loader.c:669:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(mod->resource, info->name); /* safe */
data/asterisk-16.15.0~dfsg/main/loader.c:1080:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(mod->resource, "%s%s", resource_in, so_ext); /* safe */
data/asterisk-16.15.0~dfsg/main/loader.c:1462:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(item->module, module);
data/asterisk-16.15.0~dfsg/main/lock.c:62:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(stderr, __VA_ARGS__); \
data/asterisk-16.15.0~dfsg/main/logger.c:626:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(chan->components, components);
data/asterisk-16.15.0~dfsg/main/logger.c:828:14:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	if ((size = vsnprintf(msg, 0, fmt, ap)) < 0) {
data/asterisk-16.15.0~dfsg/main/logger.c:840:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(msg, size + 1, fmt, aq);
data/asterisk-16.15.0~dfsg/main/logger.c:887:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		vsnprintf(qlog_msg, sizeof(qlog_msg), fmt, ap);
data/asterisk-16.15.0~dfsg/main/logger.c:933:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		vsnprintf(qlog_msg + qlog_len, sizeof(qlog_msg) - qlog_len, fmt, ap);
data/asterisk-16.15.0~dfsg/main/logger.c:1652:46:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static struct logmsg * __attribute__((format(printf, 7, 0))) format_log_message_ap(int level,
data/asterisk-16.15.0~dfsg/main/logger.c:1711:46:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static struct logmsg * __attribute__((format(printf, 7, 0))) format_log_message(int level,
data/asterisk-16.15.0~dfsg/main/logger.c:2018:35:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void __attribute__((format(printf, 7, 0))) ast_log_full(int level, int sublevel,
data/asterisk-16.15.0~dfsg/main/logger_category.c:89:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(category->name, name); /* Safe */
data/asterisk-16.15.0~dfsg/main/manager.c:1675:34:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static int __attribute__((format(printf, 9, 0))) __manager_event_sessions(
data/asterisk-16.15.0~dfsg/main/manager.c:3874:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(copy, options); /* safe */
data/asterisk-16.15.0~dfsg/main/manager.c:7088:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmp->eventdata, str);
data/asterisk-16.15.0~dfsg/main/manager.c:7117:34:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static int __attribute__((format(printf, 9, 0))) __manager_event_sessions_va(
data/asterisk-16.15.0~dfsg/main/manager.c:7216:34:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static int __attribute__((format(printf, 9, 0))) __manager_event_sessions(
data/asterisk-16.15.0~dfsg/main/manager.c:9732:23:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)))
data/asterisk-16.15.0~dfsg/main/media_cache.c:332:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(bucket_file->path, file_path);
data/asterisk-16.15.0~dfsg/main/media_cache.c:427:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(bucket_file->path, db_entry->data);
data/asterisk-16.15.0~dfsg/main/media_index.c:604:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(search_dir, "%s%s%s", index->base_dir, ast_strlen_zero(variant) ? "" : "/",
data/asterisk-16.15.0~dfsg/main/named_locks.c:78:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(concat_key, "%s-%s", keyspace, key); /* Safe */
data/asterisk-16.15.0~dfsg/main/named_locks.c:109:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(proxy->key, concat_key); /* Safe */
data/asterisk-16.15.0~dfsg/main/optional_api.c:108:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(user->module, module); /* SAFE */
data/asterisk-16.15.0~dfsg/main/optional_api.c:146:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(api->symname, symname); /* SAFE */
data/asterisk-16.15.0~dfsg/main/pbx.c:590:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(device->hintdevice, cur);
data/asterisk-16.15.0~dfsg/main/pbx.c:1470:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(m->x, pattern->buf);
data/asterisk-16.15.0~dfsg/main/pbx.c:1677:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(extenbuf, "%s/%s", e1->exten, e1->cidmatch);/* Safe.  We just checked. */
data/asterisk-16.15.0~dfsg/main/pbx.c:3102:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(obj->device_name, cur);
data/asterisk-16.15.0~dfsg/main/pbx.c:3646:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cmpdevice->hintdevice, dev_state->device);
data/asterisk-16.15.0~dfsg/main/pbx.c:5348:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buf, "%s@%s",
data/asterisk-16.15.0~dfsg/main/pbx.c:6240:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(tmp->name, name);
data/asterisk-16.15.0~dfsg/main/pbx.c:6559:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(saved_hint->data, hint->exten->parent->name);
data/asterisk-16.15.0~dfsg/main/pbx.c:7424:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(p, label);
data/asterisk-16.15.0~dfsg/main/pbx.c:7454:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(p, registrar_file);
data/asterisk-16.15.0~dfsg/main/pbx.c:7461:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p, application);
data/asterisk-16.15.0~dfsg/main/pbx.c:8358:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cmpdevice->hintdevice, presence_state->provider);
data/asterisk-16.15.0~dfsg/main/pbx_app.c:133:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmp->name, app);
data/asterisk-16.15.0~dfsg/main/pbx_builtins.c:1448:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(s, "${%s}", value);
data/asterisk-16.15.0~dfsg/main/pbx_hangup_handler.c:157:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(h_handler->args, expanded_handler);/* Safe */
data/asterisk-16.15.0~dfsg/main/pbx_ignorepat.c:71:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pattern, value);
data/asterisk-16.15.0~dfsg/main/pbx_include.c:92:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p, value);
data/asterisk-16.15.0~dfsg/main/pbx_include.c:95:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p, value);
data/asterisk-16.15.0~dfsg/main/pbx_sw.c:89:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p, value);
data/asterisk-16.15.0~dfsg/main/pbx_sw.c:93:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p, data);
data/asterisk-16.15.0~dfsg/main/presencestate.c:359:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf), fmt, ap);
data/asterisk-16.15.0~dfsg/main/say.c:2012:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buffer, str);
data/asterisk-16.15.0~dfsg/main/say.c:2020:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(file_name, fn);
data/asterisk-16.15.0~dfsg/main/say.c:9199:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(new_string, "digits/%s", remaining);
data/asterisk-16.15.0~dfsg/main/serializer.c:90:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pool->name, name); /* safe */
data/asterisk-16.15.0~dfsg/main/sorcery.c:618:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(proxy->module_name, module_name); /* Safe */
data/asterisk-16.15.0~dfsg/main/sorcery.c:931:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(object_wizard->wizard_args, wizard_args); /* Safe */
data/asterisk-16.15.0~dfsg/main/srv.c:106:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(entry->host, repl);
data/asterisk-16.15.0~dfsg/main/stasis.c:490:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(statistics->name, topic->name); /* SAFE */
data/asterisk-16.15.0~dfsg/main/stasis.c:532:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(proxy->name, name); /* SAFE */
data/asterisk-16.15.0~dfsg/main/stasis.c:846:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(statistics->uniqueid, sub->uniqueid); /* SAFE */
data/asterisk-16.15.0~dfsg/main/stasis.c:1635:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(change->description, description); /* SAFE */
data/asterisk-16.15.0~dfsg/main/stasis.c:1730:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(topic_pool_entry->name, topic_name); /* Safe */
data/asterisk-16.15.0~dfsg/main/stasis.c:1748:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(container_name, "%s-pool", stasis_topic_name(pool->pool_topic));
data/asterisk-16.15.0~dfsg/main/stasis.c:1849:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(container_name, "%s-pool", stasis_topic_name(pooled_topic));
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:725:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				(void) strcpy(fullname, TZDIR "/");
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:726:12:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				(void) strcat(fullname, name);
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:888:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			(void) strcpy(fullname, p);
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:890:11:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			(void) strcat(fullname, name);
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:898:19:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (doaccess && access(name, R_OK) != 0)
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:2408:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(cur->name, name); /* SAFE */
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:2437:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(cur->name, locale); /* SAFE */
data/asterisk-16.15.0~dfsg/main/strcompat.c:168:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	size = vsnprintf(&s, 1, fmt, ap2);
data/asterisk-16.15.0~dfsg/main/strcompat.c:173:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(*strp, size + 1, fmt, ap);
data/asterisk-16.15.0~dfsg/main/stream.c:119:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(stream->name, S_OR(name, "")); /* Safe */
data/asterisk-16.15.0~dfsg/main/stream.c:148:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(new_stream->name, stream_name); /* Safe */
data/asterisk-16.15.0~dfsg/main/stringfields.c:322:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	res = vsnprintf(target, available, format, ap2);
data/asterisk-16.15.0~dfsg/main/stringfields.c:345:3:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
		vsprintf(target, format, ap);
data/asterisk-16.15.0~dfsg/main/strings.c:71:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		res = vsnprintf((*buf)->__AST_STR_STR + offset, (*buf)->__AST_STR_LEN - offset, fmt, aq);
data/asterisk-16.15.0~dfsg/main/strings.c:215:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ao2_add, add);/* Safe */
data/asterisk-16.15.0~dfsg/main/taskprocessor.c:678:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(alert->subsystem, subsystem); /* Safe */
data/asterisk-16.15.0~dfsg/main/taskprocessor.c:723:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(alert_copy->subsystem, alert->subsystem); /* Safe */
data/asterisk-16.15.0~dfsg/main/taskprocessor.c:1006:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p->name, name); /* Safe */
data/asterisk-16.15.0~dfsg/main/taskprocessor.c:1304:14:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	user_size = vsnprintf(buf, size - (SEQ_STR_SIZE - 1), format, ap);
data/asterisk-16.15.0~dfsg/main/tcptls.c:367:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(cert_file, F_OK) == 0) {
data/asterisk-16.15.0~dfsg/main/threadpool.c:940:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fullname, "%s/pool", name); /* Safe */
data/asterisk-16.15.0~dfsg/main/uri.c:273:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(with_scheme, "%s://%s", scheme, uri);
data/asterisk-16.15.0~dfsg/main/utils.c:163:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(pbuf, *p); /* copy alias strings */
data/asterisk-16.15.0~dfsg/main/utils.c:170:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(pbuf, ph->h_name); /* copy alias strings */
data/asterisk-16.15.0~dfsg/main/utils.c:641:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(dst, entity);
data/asterisk-16.15.0~dfsg/main/utils.c:1778:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	result = vsnprintf(*buffer, *space, fmt, ap);
data/asterisk-16.15.0~dfsg/main/utils.c:2129:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(fullpath, pieces[x]);
data/asterisk-16.15.0~dfsg/main/xmldoc.c:516:35:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void __attribute__((format(printf, 4, 5))) xmldoc_reverse_helper(int reverse, int *len, char **syntax, const char *fmt, ...)
data/asterisk-16.15.0~dfsg/main/xmldoc.c:546:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(*syntax, tmpfmt);
data/asterisk-16.15.0~dfsg/main/xmldoc.c:551:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(*syntax + *len, tmpfmt);
data/asterisk-16.15.0~dfsg/main/xmldoc.c:2545:53:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
struct ast_xml_xpath_results *__attribute__((format(printf, 1, 2))) ast_xmldoc_query(const char *fmt, ...)
data/asterisk-16.15.0~dfsg/main/xmldoc.c:2895:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(documentation_language, sizeof(documentation_language), default_documentation_language);
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:130:35:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void __attribute__((format(printf, 2, 3))) __print_debug(int line, const char *format, ...)
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:138:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(debug, format, ap);
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1610:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(&touchcommand[9], file);
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1611:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
					system(touchcommand);
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1619:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(&rmcommand[7], file);
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1620:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
					system(rmcommand);
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1629:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(&touchcommand[9], file);
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1630:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
				system(touchcommand);
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1638:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(&rmcommand[7], file);
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1639:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
				system(rmcommand);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:238:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buf + strlen(buf), "%*.*s%s", new_line ? 0 : 1, new_line ? 0 : 1, " ", word);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:136:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(mem_num_str, path);
data/asterisk-16.15.0~dfsg/menuselect/strcompat.c:164:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	size = vsnprintf(&s, 1, fmt, ap2);
data/asterisk-16.15.0~dfsg/menuselect/strcompat.c:169:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(*strp, size + 1, fmt, ap);
data/asterisk-16.15.0~dfsg/pbx/pbx_ael.c:160:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(rfilename, "%s/%s", ast_config_AST_CONFIG_DIR, config);
data/asterisk-16.15.0~dfsg/pbx/pbx_ael.c:162:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(rfilename,R_OK) != 0) {
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1854:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(appl, orig_appl);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1971:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(iface + len + 1, add);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1973:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(iface, add);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1570:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(perm->name, cur->name);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1580:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(perm->name, cur->name);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2767:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(srch, sizeof(srch), FORMAT, ast_eid_to_str(eid_str, sizeof(eid_str),
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3250:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
							sprintf(peer->lookups[0], "%s@%s", trans->parent->number, trans->parent->dcontext);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3957:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(qe->number, number);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4449:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(perm->name, s);
data/asterisk-16.15.0~dfsg/pbx/pbx_lua.c:1097:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%s/%s", ast_config_AST_CONFIG_DIR, config);
data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c:276:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(ce->exten, exten); /* SAFE */
data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c:277:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(ce->context, context); /* SAFE */
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:569:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(fn, "%s/%s", qdir, filename); /* SAFE */
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:601:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(new->name, filename);
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:637:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cur->name, filename);
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:1044:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:2652:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy((yyval.pval)->u1.str,(yyvsp[(1) - (5)].str));
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:2654:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat((yyval.pval)->u1.str,(yyvsp[(3) - (5)].str));
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:3116:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(bufx,(yyvsp[(1) - (5)].pval)->u1.str);
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:3122:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(bufx,pptr->u1.str);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2898:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(rfilename, "%s/applist", ast_config_AST_VAR_DIR);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2958:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(p2, prio->appargs);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2961:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(p2, p1+8);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2968:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(p2, prio->appargs);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2971:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(p2, p1+8);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3517:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(buf2,p->u1.for_init);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3535:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(buf2, strp3);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3548:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(buf2, strp2);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3562:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(buf2,p->u3.for_inc);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3581:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(buf2, strp3);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3595:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(buf2, strp2);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3976:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(buf1,p2->u1.str);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3994:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(buf1,p2->u1.str);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4247:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(app, pr->app);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4251:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(appargs, pr->appargs);
data/asterisk-16.15.0~dfsg/res/ari/resource_bridges.c:485:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(thread_data->bridge_id, bridge->uniqueid);
data/asterisk-16.15.0~dfsg/res/ari/resource_channels.c:1143:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(origination->appdata, ast_str_buffer(appdata));
data/asterisk-16.15.0~dfsg/res/res_agi.c:2294:3:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		execv(script, argv);
data/asterisk-16.15.0~dfsg/res/res_calendar.c:1108:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf, calendar_is_busy(cal) ? "1" : "0");
data/asterisk-16.15.0~dfsg/res/res_clialiases.c:228:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(alias->alias, v1->name);
data/asterisk-16.15.0~dfsg/res/res_clialiases.c:229:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(alias->real_cmd, v1->value);
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:1313:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(new_buffer, new_value);
data/asterisk-16.15.0~dfsg/res/res_config_odbc.c:1058:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(last, q.category);
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:321:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(table->name, orig_tablename); /* SAFE */
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:351:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(column->name, fname);
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:352:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(column->type, ftype);
data/asterisk-16.15.0~dfsg/res/res_config_sqlite.c:616:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(col->name, fie.ld[i]); /* SAFE */
data/asterisk-16.15.0~dfsg/res/res_config_sqlite.c:617:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(col->type, type); /* SAFE */
data/asterisk-16.15.0~dfsg/res/res_config_sqlite.c:663:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tblptr->name, tablename); /* SAFE */
data/asterisk-16.15.0~dfsg/res/res_config_sqlite3.c:1162:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(column, values[1]);
data/asterisk-16.15.0~dfsg/res/res_fax.c:2199:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(doc->filename, args.filename);
data/asterisk-16.15.0~dfsg/res/res_fax.c:2700:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (access(c, (F_OK | R_OK)) < 0) {
data/asterisk-16.15.0~dfsg/res/res_fax.c:2716:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(doc->filename, c);
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:1373:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(protocols, "Sec-WebSocket-Protocol: %s\r\n",
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:705:4:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			execv(argv[0], argv);
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:708:4:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			execv(LOCAL_MPG_123, argv);
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:710:4:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			execv(MPG_123, argv);
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:712:4:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			execvp("mpg123", argv);
data/asterisk-16.15.0~dfsg/res/res_mwi_external.c:551:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(regex, "^%s", word);/* Safe */
data/asterisk-16.15.0~dfsg/res/res_odbc.c:291:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(tableptr->connection, database); /* SAFE */
data/asterisk-16.15.0~dfsg/res/res_odbc.c:292:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(tableptr->table, tablename); /* SAFE */
data/asterisk-16.15.0~dfsg/res/res_odbc.c:304:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(entry->name, columnname);
data/asterisk-16.15.0~dfsg/res/res_odbc_transaction.c:171:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(txn->name, name); /* SAFE */
data/asterisk-16.15.0~dfsg/res/res_phoneprov.c:617:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(value_copy, v->value); /* safe */
data/asterisk-16.15.0~dfsg/res/res_phoneprov.c:648:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(value_copy, v->value); /* safe */
data/asterisk-16.15.0~dfsg/res/res_pjproject.c:252:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(format_temp, "%s : %s", option, format_string);
data/asterisk-16.15.0~dfsg/res/res_pjproject.c:257:9:  [4] (buffer) vsscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
		res = vsscanf(AST_VECTOR_GET(&buildopts, i), format_temp, arg_ptr);
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_system.c:79:67:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	struct system_config *system = ast_sorcery_generic_alloc(sizeof(*system), NULL);
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_system.c:81:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if (!system) {
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_system.c:85:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	return system;
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_system.c:178:35:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	RAII_VAR(struct system_config *, system, NULL, ao2_cleanup);
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_system.c:230:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if (!system) {
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_system.c:236:35:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if (system_apply(system_sorcery, system)) {
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_transport.c:585:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(temp_state->state->transport->info, "%s:%s", AST_SIP_X_AST_TXP, transport_id);
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:94:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(prefix, "%s;@", aor_id); /* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:227:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(prefix, "%s;@", ast_sorcery_object_get_id(aor)); /* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:749:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(wrapper->contact_id, "%s/%s", aor_id, contact->uri);
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:1012:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(wrapper->contact_id, "%s/%s", contact->aor, contact->uri);
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_configuration.c:1238:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(rtt, sizeof(rtt), "%" PRId64, contact_status->rtt);
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:93:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(tdata_name, name);/* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:790:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(unid->src_name, rdata->pkt_info.src_name); /* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:370:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(contact_status->name, name); /* SAFE */
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:601:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(aor_status->name, name); /* SAFE */
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:974:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(aor_options->name, ast_sorcery_object_get_id(aor)); /* SAFE */
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:1289:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(prefix, "%s;@", ast_sorcery_object_get_id(aor)); /* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:1506:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(endpoint_state_compositor->name, ast_sorcery_object_get_id(endpoint)); /* SAFE */
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_scheduler.c:440:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(schtd->name, name); /* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:490:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(hint_device, "PJSIP/%s", id);
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:772:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(host, rhost); /* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:1184:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(otw->object_type, object_type); /* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip_diversion.c:530:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(reason_buf, "%s%s%s", quote_str, reason_str, quote_str);/* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip_history.c:577:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(token->field, value); /* safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip_mwi.c:157:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(mwi_stasis_sub->mailbox, mailbox);
data/asterisk-16.15.0~dfsg/res/res_pjsip_mwi.c:249:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sub->id, endpoint_id);
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:823:24:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		message->body.type = strcpy(dst, body->type);
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:825:27:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		message->body.subtype = strcpy(dst, body->subtype);
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:827:29:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		message->body.body_text = strcpy(dst, body->body_text);
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:1058:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(publisher->user, user);
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:1455:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(state->id, id);
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_registration.c:899:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(monitor, registration_name);/* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip_pidf_eyebeam_body_supplement.c:64:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(act_str, pidfstate);
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:943:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(node->resource, resource);
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:1243:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sub->resource, resource); /* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:2119:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	cid_value.slen = sprintf(cid_value.ptr, "<%s@%.*s>",
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:2949:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(name, "%s->%s/%s %.*s", ind->sub_tree->persistence->endpoint,
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:3172:26:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	publication->resource = strcpy(dst, resource);
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:3174:42:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	publication->event_configuration_name = strcpy(dst, event_configuration_name);
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:3462:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *) pj_strbuf(&accept), "%s/%s", generator->type, generator->subtype);/* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:3607:4:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
			sscanf(line, "message-account: %s", summary->message_account);
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:433:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(monitor->aor_name, aor_name); /* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:795:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(monitor->aor_name, aor_name);/* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:975:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(id_domain, "%s@%s", username, domain);
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:992:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(id_domain_alias, "%s@%s", username, alias->domain);
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:995:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		configured_aors = strcpy(aors_buf, aors);/* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:1009:20:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	configured_aors = strcpy(aors_buf, aors);/* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:164:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(handler_list->stream_type, stream_type);
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:5341:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(forward, "PJSIP/%s/%s", ast_sorcery_object_get_id(session->endpoint), target_uri);
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:5465:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(session_media->label, name);
data/asterisk-16.15.0~dfsg/res/res_pjsip_transport_websocket.c:213:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(newtransport->transport.info, "%s to %s", newtransport->transport.type_name, ws_addr_str);
data/asterisk-16.15.0~dfsg/res/res_rtp_multicast.c:156:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pos, type);
data/asterisk-16.15.0~dfsg/res/res_rtp_multicast.c:161:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(pos, options); /* Safe */
data/asterisk-16.15.0~dfsg/res/res_sorcery_config.c:471:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(config->filename, filename);
data/asterisk-16.15.0~dfsg/res/res_sorcery_realtime.c:328:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(config->family, family); /* Safe */
data/asterisk-16.15.0~dfsg/res/res_stasis_playback.c:502:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(media_uri, media[i]);
data/asterisk-16.15.0~dfsg/res/stasis/app.c:130:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(forwards->id, id); /* SAFE */
data/asterisk-16.15.0~dfsg/res/stasis/app.c:314:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(context_name, app->name);
data/asterisk-16.15.0~dfsg/res/stasis/app.c:1051:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(context_name, name);
data/asterisk-16.15.0~dfsg/res/stasis/control.c:467:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(move_data->app_name, app_name); /* Safe */
data/asterisk-16.15.0~dfsg/res/stasis/control.c:471:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(move_data->app_args, app_args); /* Safe */
data/asterisk-16.15.0~dfsg/res/stasis/control.c:577:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dtmf_data->dtmf, dtmf);
data/asterisk-16.15.0~dfsg/res/stasis/control.c:1590:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(args->dialstring, dialstring);
data/asterisk-16.15.0~dfsg/res/stasis/messaging.c:101:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tuple->app_name, app_name); /* Safe */
data/asterisk-16.15.0~dfsg/res/stasis/messaging.c:132:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sub->token, token); /* Safe */
data/asterisk-16.15.0~dfsg/tests/test_abstract_jb.c:163:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy((conf)->impl, (impl)->name); \
data/asterisk-16.15.0~dfsg/tests/test_acl.c:113:14:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	const char *access;
data/asterisk-16.15.0~dfsg/tests/test_acl.c:128:36:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (!(*ha = ast_append_ha(acl[i].access, acl[i].host, *ha, err))) {
data/asterisk-16.15.0~dfsg/tests/test_acl.c:130:33:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
					       acl[i].host, acl[i].access, acl_name);
data/asterisk-16.15.0~dfsg/tests/test_acl.c:241:48:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (!(permit_hav4 = ast_append_ha(permitallv4.access, permitallv4.host, permit_hav4, &err))) {
data/asterisk-16.15.0~dfsg/tests/test_acl.c:247:44:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (!(deny_hav4 = ast_append_ha(denyallv4.access, denyallv4.host, deny_hav4, &err))) {
data/asterisk-16.15.0~dfsg/tests/test_acl.c:253:48:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (!(permit_hav6 = ast_append_ha(permitallv6.access, permitallv6.host, permit_hav6, &err))) {
data/asterisk-16.15.0~dfsg/tests/test_acl.c:259:44:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (!(deny_hav6 = ast_append_ha(denyallv6.access, denyallv6.host, deny_hav6, &err))) {
data/asterisk-16.15.0~dfsg/tests/test_astobj2_weaken.c:283:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(weak->value, value); /*SAFE*/
data/asterisk-16.15.0~dfsg/tests/test_dlinklists.c:66:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(buff,t1->name);
data/asterisk-16.15.0~dfsg/tests/test_dlinklists.c:80:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(buff,t1->name);
data/asterisk-16.15.0~dfsg/tests/test_dlinklists.c:97:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(t1->name, name);
data/asterisk-16.15.0~dfsg/tests/test_file.c:124:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(full_path, "%s/%s", dir_name, filename);
data/asterisk-16.15.0~dfsg/tests/test_jitterbuf.c:117:35:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void __attribute__((format(printf, 1, 2))) test_jb_debug_output(const char *fmt, ...)
data/asterisk-16.15.0~dfsg/tests/test_jitterbuf.c:123:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf), fmt, args);
data/asterisk-16.15.0~dfsg/tests/test_jitterbuf.c:133:35:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void __attribute__((format(printf, 1, 2))) test_jb_warn_output(const char *fmt, ...)
data/asterisk-16.15.0~dfsg/tests/test_jitterbuf.c:139:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf), fmt, args);
data/asterisk-16.15.0~dfsg/tests/test_jitterbuf.c:149:35:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void __attribute__((format(printf, 1, 2))) test_jb_error_output(const char *fmt, ...)
data/asterisk-16.15.0~dfsg/tests/test_jitterbuf.c:155:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf), fmt, args);
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:130:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(data, expected);/* Safe */
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:1848:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(data, expected);
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:1881:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(data, expected_text);
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:1919:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(data, expected);
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:1952:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(data, expected_text);
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:2218:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(test_data->description, S_OR(data, "no data")); /* Safe */
data/asterisk-16.15.0~dfsg/third-party/pjproject/patches/asterisk_malloc_debug.h:39:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 5, 6)));
data/asterisk-16.15.0~dfsg/third-party/pjproject/patches/asterisk_malloc_debug.h:47:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 2, 0)));
data/asterisk-16.15.0~dfsg/utils/ael_main.c:137:13:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				        vprintf(fmt, vars);
data/asterisk-16.15.0~dfsg/utils/ael_main.c:230:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(last_exten, extension);
data/asterisk-16.15.0~dfsg/utils/astdb2sqlite3.c:213:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dbname, argv[1]);
data/asterisk-16.15.0~dfsg/utils/astman.c:141:35:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void __attribute__((format(printf, 2, 3))) fdprintf(int fd, char *fmt, ...)
data/asterisk-16.15.0~dfsg/utils/astman.c:147:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(stuff, sizeof(stuff), fmt, ap);
data/asterisk-16.15.0~dfsg/utils/astman.c:410:34:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static int __attribute__((format(printf, 2, 3))) manager_action(char *action, char *fmt, ...)
data/asterisk-16.15.0~dfsg/utils/astman.c:420:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(tmp, sizeof(tmp), fmt, ap);
data/asterisk-16.15.0~dfsg/utils/check_expr.c:119:119:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void ast_log(int level, const char *file, int line, const char *function, const char *fmt, ...) __attribute__((format(printf,5,6)));
data/asterisk-16.15.0~dfsg/utils/check_expr.c:128:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vprintf(fmt, vars);
data/asterisk-16.15.0~dfsg/utils/check_expr.c:159:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(t->varname, varname);
data/asterisk-16.15.0~dfsg/utils/check_expr.c:160:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(t->varval, varval);
data/asterisk-16.15.0~dfsg/utils/check_expr.c:199:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(error_report, msg);
data/asterisk-16.15.0~dfsg/utils/check_expr.c:222:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(error_report, msg);
data/asterisk-16.15.0~dfsg/utils/check_expr.c:304:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(error_report,"line %d, evaluation of $[ %s ] result: %s\n", global_lineno, evalbuf, s);
data/asterisk-16.15.0~dfsg/utils/check_expr.c:307:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(error_report,"line %d, evaluation of $[ %s ] result: ****SYNTAX ERROR****\n", global_lineno, evalbuf);
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:84:119:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void ast_log(int level, const char *file, int line, const char *function, const char *fmt, ...) __attribute__((format(printf,5,6)));
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:93:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vprintf(fmt, vars);
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:389:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
							strcpy(timerange, tbuf);
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:394:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
							strcat(timerange,tbuf);
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:401:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
							strcpy(dowrange, days[startbit]);
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:403:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
							strcat(dowrange, days[endbit]);
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:410:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
							strcpy(monrange, months[startbit]);
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:412:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
							strcat(monrange, months[endbit]);
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:421:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
							strcpy(domrange, tbuf);
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:424:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
							strcat(domrange, tbuf);
data/asterisk-16.15.0~dfsg/utils/conf_bridge_binaural_hrir_importer.c:103:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(FILE_HEADER, hrir_filename, binaural_index_start, binaural_index_end);
data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_open.c:407:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	(void)snprintf(path, n, fmt, envtmp ? envtmp : "/tmp");
data/asterisk-16.15.0~dfsg/utils/extconf.c:75:126:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void ast_log(int level, const char *file, int line, const char *function, const char *fmt, ...) __attribute__((format(printf, 5, 6)));
data/asterisk-16.15.0~dfsg/utils/extconf.c:76:62:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void ast_verbose(const char *fmt, ...) __attribute__((format(printf, 1, 2)));
data/asterisk-16.15.0~dfsg/utils/extconf.c:108:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 5, 6)));
data/asterisk-16.15.0~dfsg/utils/extconf.c:199:94:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define log_mutex_error(canlog, ...)  do { if (canlog) ast_log(LOG_ERROR, __VA_ARGS__); else fprintf(stderr, __VA_ARGS__); } while (0)
data/asterisk-16.15.0~dfsg/utils/extconf.c:747:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(comment_buffer,str);
data/asterisk-16.15.0~dfsg/utils/extconf.c:774:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(lline_buffer,str);
data/asterisk-16.15.0~dfsg/utils/extconf.c:853:3:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		execl("/bin/sh", "/bin/sh", "-c", s, (char *) NULL);
data/asterisk-16.15.0~dfsg/utils/extconf.c:880:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(x->cmt, buffer);
data/asterisk-16.15.0~dfsg/utils/extconf.c:1067:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(variable->name,name);
data/asterisk-16.15.0~dfsg/utils/extconf.c:1135:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(incl->include_location_file, to_file);
data/asterisk-16.15.0~dfsg/utils/extconf.c:1145:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cat->file, to_file);
data/asterisk-16.15.0~dfsg/utils/extconf.c:1154:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					strcpy(v->file, to_file);
data/asterisk-16.15.0~dfsg/utils/extconf.c:2202:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vprintf(fmt, vars);
data/asterisk-16.15.0~dfsg/utils/extconf.c:2207:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void __attribute__((format(printf, 1, 2))) ast_verbose(const char *fmt, ...)
data/asterisk-16.15.0~dfsg/utils/extconf.c:2213:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vprintf(fmt, vars);
data/asterisk-16.15.0~dfsg/utils/extconf.c:4523:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p, value);
data/asterisk-16.15.0~dfsg/utils/extconf.c:4526:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p, value);
data/asterisk-16.15.0~dfsg/utils/extconf.c:4580:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy((char *)ignorepat->pattern, value);
data/asterisk-16.15.0~dfsg/utils/extconf.c:4666:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(new_sw->name, value);
data/asterisk-16.15.0~dfsg/utils/extconf.c:4670:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(new_sw->data, data);
data/asterisk-16.15.0~dfsg/utils/extconf.c:4733:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(tmp->name, name);
data/asterisk-16.15.0~dfsg/utils/extconf.c:4816:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(p, label);
data/asterisk-16.15.0~dfsg/utils/extconf.c:4831:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p, application);
data/asterisk-16.15.0~dfsg/utils/frame.c:99:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		   printf((blood[i] & x) == 0? "0 ":"1 ");
data/asterisk-16.15.0~dfsg/utils/frame.c:100:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	   printf(i%4==3? "\n":"| ");
data/asterisk-16.15.0~dfsg/utils/frame.c:437:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy( result, args[i]);
data/asterisk-16.15.0~dfsg/utils/frame.c:971:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf,1,2))) chat( const char *format, ...)
data/asterisk-16.15.0~dfsg/utils/frame.c:979:11:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	result = vfprintf( stderr, format, ap);
data/asterisk-16.15.0~dfsg/utils/frame.c:985:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf,1,2))) inform( const char *format, ...)
data/asterisk-16.15.0~dfsg/utils/frame.c:993:11:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	result = vfprintf( stderr, format, ap);
data/asterisk-16.15.0~dfsg/utils/frame.c:999:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf,1,2))) error( const char *format, ...)
data/asterisk-16.15.0~dfsg/utils/frame.c:1005:14:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    result = vfprintf( stderr, format, ap);
data/asterisk-16.15.0~dfsg/utils/frame.c:1010:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void __attribute__((format(printf,1,2))) fatalerror( const char *format, ...)
data/asterisk-16.15.0~dfsg/utils/frame.c:1015:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf( stderr, format, ap);
data/asterisk-16.15.0~dfsg/utils/frame.c:1026:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int __attribute__((format(printf,1,2))) say( const char *format, ...)
data/asterisk-16.15.0~dfsg/utils/frame.c:1032:14:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    result = vfprintf( stdout, format, ap);
data/asterisk-16.15.0~dfsg/utils/frame.c:1044:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy( result, string);
data/asterisk-16.15.0~dfsg/utils/frame.c:1056:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy( result, one);
data/asterisk-16.15.0~dfsg/utils/frame.c:1057:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat( result, two);
data/asterisk-16.15.0~dfsg/utils/smsq.c:403:14:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
         if (system (process) == -1) {
data/asterisk-16.15.0~dfsg/addons/mp3/mpg123.h:21:10:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
# define random rand
data/asterisk-16.15.0~dfsg/addons/mp3/mpg123.h:22:10:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
# define srandom srand
data/asterisk-16.15.0~dfsg/addons/mp3/mpg123.h:22:18:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
# define srandom srand
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/h323/H235-SECURITY-MESSAGES.h:483:18:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
   H235RandomVal random;
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/h323/H235-SECURITY-MESSAGESDec.c:1184:52:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      stat = asn1PD_H235RandomVal (pctxt, &pvalue->random);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/h323/H235-SECURITY-MESSAGESEnc.c:830:51:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      stat = asn1PE_H235RandomVal (pctxt, pvalue->random);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:105:10:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
  ws32 = LoadLibrary ("WS2_32.DLL");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh245.c:875:4:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
   srand((systemTime.wMilliseconds ^ systemTime.wSecond) + random_factor);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh245.c:879:4:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
   srand((tv.tv_usec ^ tv.tv_sec) + random_factor );
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:461:7:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      srand((unsigned)time(0));
data/asterisk-16.15.0~dfsg/agi/eagi-sphinx-test.c:224:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	tmp = getenv("agi_enhanced");
data/asterisk-16.15.0~dfsg/agi/eagi-test.c:161:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	tmp = getenv("agi_enhanced");
data/asterisk-16.15.0~dfsg/bridges/bridge_softmix/bridge_softmix_binaural.c:76:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/asterisk-16.15.0~dfsg/channels/console_gui.c:1236:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	const char *e = getenv("SDL_WINDOWID");
data/asterisk-16.15.0~dfsg/channels/console_gui.c:1241:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		Display *d = XOpenDisplay(getenv("DISPLAY"));
data/asterisk-16.15.0~dfsg/channels/console_gui.c:1335:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	const char *e = getenv("SDL_WINDOWID");
data/asterisk-16.15.0~dfsg/channels/console_video.c:711:7:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	if ((random() % 10000) <= 100*DROP_PACKETS) {
data/asterisk-16.15.0~dfsg/channels/console_video.c:871:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		const char *s = getenv("DISPLAY");
data/asterisk-16.15.0~dfsg/contrib/utils/zones2indications.c:126:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while((opt = getopt(argc, argv, "ac:hn:")) != -1) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:253:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		ret = getenv(data);
data/asterisk-16.15.0~dfsg/main/asterisk.c:1722:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("TERM") && strstr(getenv("TERM"), "xterm"))
data/asterisk-16.15.0~dfsg/main/asterisk.c:1722:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("TERM") && strstr(getenv("TERM"), "xterm"))
data/asterisk-16.15.0~dfsg/main/asterisk.c:1728:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("TERM") && strstr(getenv("TERM"), "xterm"))
data/asterisk-16.15.0~dfsg/main/asterisk.c:1728:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("TERM") && strstr(getenv("TERM"), "xterm"))
data/asterisk-16.15.0~dfsg/main/asterisk.c:2254:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			ast_safe_system(getenv("SHELL") ? getenv("SHELL") : "/bin/sh");
data/asterisk-16.15.0~dfsg/main/asterisk.c:2254:38:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			ast_safe_system(getenv("SHELL") ? getenv("SHELL") : "/bin/sh");
data/asterisk-16.15.0~dfsg/main/asterisk.c:2276:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			ast_safe_system(getenv("SHELL") ? getenv("SHELL") : "/bin/sh");
data/asterisk-16.15.0~dfsg/main/asterisk.c:2276:38:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			ast_safe_system(getenv("SHELL") ? getenv("SHELL") : "/bin/sh");
data/asterisk-16.15.0~dfsg/main/asterisk.c:2741:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((pfmt = getenv("ASTERISK_PROMPT"))) {
data/asterisk-16.15.0~dfsg/main/asterisk.c:3023:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *editor, *editrc = getenv("EDITRC");
data/asterisk-16.15.0~dfsg/main/asterisk.c:3025:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (!(editor = getenv("AST_EDITMODE"))) {
data/asterisk-16.15.0~dfsg/main/asterisk.c:3026:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		if (!(editor = getenv("AST_EDITOR"))) {
data/asterisk-16.15.0~dfsg/main/asterisk.c:3121:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	const char *home = getenv("HOME");
data/asterisk-16.15.0~dfsg/main/asterisk.c:3132:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	const char *home = getenv("HOME");
data/asterisk-16.15.0~dfsg/main/asterisk.c:3517:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, getopt_settings)) != -1) {
data/asterisk-16.15.0~dfsg/main/asterisk.c:3562:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, getopt_settings)) != -1) {
data/asterisk-16.15.0~dfsg/main/asterisk.c:4115:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand((unsigned int) getpid() + (unsigned int) time(NULL));
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:1607:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		zone = getenv("TZ");
data/asterisk-16.15.0~dfsg/main/strcompat.c:76:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (!overwrite && getenv(name))
data/asterisk-16.15.0~dfsg/main/term.c:94:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *term = getenv("TERM");
data/asterisk-16.15.0~dfsg/main/utils.c:1957:8:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	res = random();
data/asterisk-16.15.0~dfsg/main/utils.c:1960:8:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	res = random();
data/asterisk-16.15.0~dfsg/main/utils.c:2141:18:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
	absolute_path = realpath(path, NULL);
data/asterisk-16.15.0~dfsg/main/utils.c:2166:23:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
			absolute_subpath = realpath(path, NULL);
data/asterisk-16.15.0~dfsg/main/utils.c:2223:23:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
	absolute_base_path = realpath(base_path, NULL);
data/asterisk-16.15.0~dfsg/main/utils.c:2395:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	const char *envPATH = getenv("PATH");
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:2001:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt_long(argc, argv, "", long_options, &option_index)) != -1) {
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:2094:15:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
		while ((c = getopt_long(argc, argv, "", long_options, &option_index)) != -1) {
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:660:2:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srandom(time(NULL) + getpid());
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:850:7:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		if (random() % 100 < BOMB_PROB && cur->y != max_y) {
data/asterisk-16.15.0~dfsg/menuselect/strcompat.c:71:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (!overwrite && getenv(name))
data/asterisk-16.15.0~dfsg/res/res_ari.c:620:25:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
	absolute_api_dirname = realpath(ast_str_buffer(absolute_path_builder), NULL);
data/asterisk-16.15.0~dfsg/res/res_ari.c:631:22:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
	absolute_filename = realpath(ast_str_buffer(absolute_path_builder), NULL);
data/asterisk-16.15.0~dfsg/res/stasis_recording/stored.c:121:13:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
	real_dir = realpath(absolute_dir, NULL);
data/asterisk-16.15.0~dfsg/res/stasis_recording/stored.c:347:24:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
		char *real_basedir = realpath(ast_config_AST_RECORDING_DIR, NULL);
data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_open.c:398:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	envtmp = getenv("TMPDIR");
data/asterisk-16.15.0~dfsg/utils/muted.c:690:13:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while((x = getopt(argc, argv, "fhd")) > 0) {
data/asterisk-16.15.0~dfsg/addons/app_mysql.c:268:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char s[12] = "";
data/asterisk-16.15.0~dfsg/addons/app_mysql.c:355:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char set_names[255];
data/asterisk-16.15.0~dfsg/addons/app_mysql.c:356:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char statement[512];
data/asterisk-16.15.0~dfsg/addons/app_mysql.c:405:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (args.argc != 4 || (connid = atoi(args.connid)) == 0) {
data/asterisk-16.15.0~dfsg/addons/app_mysql.c:563:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sresult[10];
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:127:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char status[256];
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:128:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char status2[100] = "";
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:129:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[362]; /* 256+100+" for "+NULL */
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:242:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char workspace[2048], *value = NULL;
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:261:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char timestr[128];
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:291:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char timestr[128];
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:471:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sqldesc[128];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[31];					/* the 'name' from mobile.conf */
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[31];					/* The id from mobile.conf */
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:128:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];			/* the context for incoming calls */
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:132:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rfcomm_buf[256];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:133:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char io_buf[CHANNEL_FRAME_SIZE + AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:497:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bdaddr[18];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:498:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char group[6];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:547:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char addr[19] = {0};
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:548:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[31] = {0};
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:592:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(name, "[unknown]");
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:612:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:660:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:720:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char status[2];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:927:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		group = atoi(&dest_dev[1]);
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:1904:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char saddr[18];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2515:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[32];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2545:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[32];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2557:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[32];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2570:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[32];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2584:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[32];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2597:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[10];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2626:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[32];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2647:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[32];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2659:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[64];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2671:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[162];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2692:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[64];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2713:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[128];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2944:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[32];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2956:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[32];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:3873:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[350];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:4122:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:4532:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	pvt->rfcomm_port = atoi(port);
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:4575:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			pvt->group = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:216:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char caller_h323id[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:217:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char caller_dialedDigits[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:218:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char caller_email[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:219:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char caller_url[256];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:220:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callee_h323id[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:221:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callee_dialedDigits[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:222:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callee_email[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:223:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callee_url[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:231:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];	/* Requested extension */
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:232:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_EXTENSION];	/* Context where to start */
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:233:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char accountcode[256];	/* Account code */
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:243:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rtpmaskstr[120];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:256:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		name[256];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:257:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		context[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:260:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		accountcode[20];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:269:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		mIP[4*8+7+2];  /* Max for IPv6 - 2 brackets, 8 4hex, 7 - : */
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:271:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		rtpmaskstr[120];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:285:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char        name[256];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:289:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char        accountcode[20];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:296:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char        ip[4*8+7+2]; /* Max for IPv6 - 2 brackets, 8 4hex, 7 - : */
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:304:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	    rtpmaskstr[120];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:348:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gLogFile[PATH_MAX] = DEFAULT_LOGFILE;
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:349:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gInitError[256] = "";
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:351:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gIP[2+8*4+7];	/* Max for IPv6 addr */
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:354:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gCallerID[AST_MAX_EXTENSION] = "";
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:361:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gGatekeeper[100];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:362:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gRASIP[2+8*4+7];	/* Max for IPv6 addr */
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:375:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gAccountcode[80] = DEFAULT_H323ACCNT;
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:377:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gContext[AST_MAX_EXTENSION] = DEFAULT_CONTEXT;
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:389:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char vendor[AST_MAX_EXTENSION] =  "";
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:390:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char version[AST_MAX_EXTENSION] = "";
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:638:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:684:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		port = atoi(sport);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:934:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmf[2];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:997:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char destination[256];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:1851:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char number [OO_MAX_NUMBER_LENGTH];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2409:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				user->incominglimit = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2430:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				user->rtptimeout = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2475:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			} else if (!strcasecmp(v->name, "dtmfcodec") && atoi(v->value)) {
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2476:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				user->dtmfcodec = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2596:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				peer->port = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2606:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				int val = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2628:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            			peer->rtptimeout = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2667:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			} else if (!strcasecmp(v->name, "dtmfcodec") && atoi(v->value)) {
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2668:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				peer->dtmfcodec = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2886:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&global_jbconf, &default_jbconf, sizeof(struct ast_jb_conf));
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2910:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         		char temp[512];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2916:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				ooconfig.mTCPPortStart = atoi(temp);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:2917:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				ooconfig.mTCPPortEnd = atoi(endlimit);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:3009:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         t35countrycode = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:3011:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         t35extensions = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:3013:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         manufacturer = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:3021:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			gIncomingLimit = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:3023:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			gOutgoingLimit = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:3048:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			gRTPTimeout = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:3100:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		} else if (!strcasecmp(v->name, "dtmfcodec") && atoi(v->value)) {
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:3101:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			gDTMFCodec = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:3132:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			gTRCLVL = atoi(v->value);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:3194:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ip_port[64];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:3293:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char ip_port[64];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:3503:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char value[FORMAT_STRING_SIZE];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:3564:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char value[FORMAT_STRING_SIZE];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:4605:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lhost[INET6_ADDRSTRLEN];
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:4698:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(mediaInfo.dir, "transmit");
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:4701:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(mediaInfo.dir, "receive");
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:4704:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(mediaInfo.dir, "transmit");
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:4707:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(mediaInfo.dir, "receive");
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:4710:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(mediaInfo.dir, "transmit");
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:4713:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(mediaInfo.dir, "receive");
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:4728:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(mediaInfo.dir, "transmit");
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:4730:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(mediaInfo.dir, "receive");
data/asterisk-16.15.0~dfsg/addons/format_mp3.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sbuf[MP3_SCACHE];
data/asterisk-16.15.0~dfsg/addons/format_mp3.c:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dbuf[MP3_DCACHE];
data/asterisk-16.15.0~dfsg/addons/mp3/common.c:178:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char *modes[4] = { "Stereo", "Joint-Stereo", "Dual-Channel", "Single-Channel" };
data/asterisk-16.15.0~dfsg/addons/mp3/common.c:179:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char *layers[4] = { "Unknown" , "I", "II", "III" };
data/asterisk-16.15.0~dfsg/addons/mp3/common.c:195:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char *modes[4] = { "stereo", "joint-stereo", "dual-channel", "mono" };
data/asterisk-16.15.0~dfsg/addons/mp3/common.c:196:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char *layers[4] = { "Unknown" , "I", "II", "III" };
data/asterisk-16.15.0~dfsg/addons/mp3/interface.c:71:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(nbuf->pnt,buf,size);
data/asterisk-16.15.0~dfsg/addons/mp3/interface.c:286:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((mp->worksample).wordpointer+len,mp->tail->pnt+mp->tail->pos,nlen);
data/asterisk-16.15.0~dfsg/addons/mp3/interface.c:318:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((mp->worksample).wordpointer,bsbufold+mp->fsizeold-backstep,backstep);
data/asterisk-16.15.0~dfsg/addons/mp3/layer3.c:465:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   static unsigned char slen[2][16] = {
data/asterisk-16.15.0~dfsg/addons/mp3/layer3.c:560:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static unsigned char stab[3][6][4] = {
data/asterisk-16.15.0~dfsg/addons/mp3/mpglib.h:23:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char bsspace[2][MAXFRAMESIZE+512]; /* MAXFRAMESIZE */
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/context.c:110:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy (&pdest->buffer, &psrc->buffer, sizeof(ASN1BUFFER));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/decode.c:717:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (pbuffer, &pctxt->buffer.data[pctxt->buffer.byteIndex], nbytes);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/encode.c:678:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy (&pctxt->buffer.data[pctxt->buffer.byteIndex], pvalue,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:81:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char lbuf[16];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:82:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf (lbuf, "%d", errParm);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:108:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char lbuf[16];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:109:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf (lbuf, "%u", errParm);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:179:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy (bufp, "unrecognized completion status");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:181:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   else strcpy (bufp, "normal completion status");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:192:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char lbuf[500];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:196:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf (pBuf, "ASN.1 ERROR: Status %d\n", pctxt->errInfo.status);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:217:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char lbuf[200];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/memheap.c:49:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char            data[8];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/memheap.c:917:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (newMem_p, mem_p, (((ASN1UINT)pElem_nunits (pElem)) * 8u));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:166:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(&call->capPrefs, &gH323ep.capPrefs, sizeof(OOCapPrefs));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:819:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy (newMediaInfo, &mediaInfo, sizeof(OOMediaInfo));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.h:96:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char   dir[15]; /* transmit/receive*/
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.h:102:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char  lMediaIP[2+8*4+7];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.h:114:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char ip[20];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.h:163:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char                 callToken[20]; /* ex: ooh323c_call_1 */
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.h:164:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char                 callType[10]; /* incoming/outgoing */
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.h:168:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char                 ourCallerId[256];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.h:185:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char                 localIP[2+8*4+7];/* Local IP address */
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.h:191:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char                 remoteIP[2+8*4+7];/* Remote IP address */
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.h:227:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char			rtpMaskStr[120];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.c:815:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(events, "0-16");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.c:1852:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(epCap->params, cur->params, sizeof(OOGSMCapParams));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.c:1879:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(epCap->params, cur->params, sizeof(OOGSMCapParams));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.c:2013:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(epCap->params, cur->params, sizeof(OOCapParams));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.c:2046:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(epCap->params, cur->params, sizeof(OOCapParams));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.c:2160:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(epCap->params, cur->params, sizeof(OOCapParams));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.c:2193:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(epCap->params, cur->params, sizeof(OOCapParams));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.c:2295:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(epCap->params, cur->params, sizeof(OOCapParams));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.c:2328:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(epCap->params, cur->params, sizeof(OOCapParams));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.c:2430:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(epCap->params, cur->params, sizeof(OOH263CapParams));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.c:2459:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(epCap->params, cur->params, sizeof(OOH263CapParams));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.c:2580:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(&oldPrefs, capPrefs, sizeof(OOCapPrefs));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.c:2655:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(&oldPrefs, capPrefs, sizeof(OOCapPrefs));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:117:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buffer[MAXMSGLEN];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:120:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer, cmd,  sizeof(OOStackCommand));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:125:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bPoint, cmd->param1, cmd->plen1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:131:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bPoint, cmd->param2, cmd->plen2);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:137:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bPoint, cmd->param3, cmd->plen3);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:155:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char buffer[MAXMSGLEN];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:170:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&cmd, buffer+i, sizeof(OOStackCommand));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:280:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char buffer[MAXMSGLEN];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:301:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&cmd, bPoint, sizeof(OOStackCommand));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:309:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cmd.param1, bPoint, cmd.plen1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:318:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cmd.param2, bPoint, cmd.plen2);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:327:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cmd.param3, bPoint, cmd.plen3);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:358:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pVendor->productId.data, gH323ep.productID,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:366:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pVendor->versionId.data, gH323ep.versionID,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:376:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char remoteHost[32];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:831:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pGkClient->gkId.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:850:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf(pGkClient->gkRasIP, "%d.%d.%d.%d", pRasAddress->ip.data[0],
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:1043:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pRegReq->gatekeeperIdentifier.data, pGkClient->gkId.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:1079:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(pRegReq->endpointIdentifier.data, pGkClient->endpointId.data, pGkClient->endpointId.nchars*sizeof(ASN116BITCHAR));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:1161:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(pGkClient->endpointId.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:1179:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pGkClient->gkId.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:1197:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(pGkClient->gkCallSignallingIP, "%d.%d.%d.%d",
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:1259:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&pGkClient->gkInfo.preGrantedARQ,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:1502:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy((void*)pUnregReq->endpointIdentifier.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:1520:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void*)pUnregReq->gatekeeperIdentifier.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:1780:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy((void*)pAdmReq->endpointIdentifier.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:1840:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy((void*)&pAdmReq->conferenceID, (void*)&call->confIdentifier,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:1854:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy((void*)&pAdmReq->callIdentifier, (void*)&call->callIdentifier,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:1871:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void*)pAdmReq->gatekeeperIdentifier.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:1966:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char ip[20];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:1998:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
         sprintf(ip, "%d.%d.%d.%d", ipAddress->ip.data[0],
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:2301:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy((void*)pIRR->endpointIdentifier.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:2395:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy((void*)&perCallInfo->conferenceID, (void*)&call->confIdentifier,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:2399:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy((void*)&perCallInfo->callIdentifier, (void*)&call->callIdentifier,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:2507:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy((void*)pDRQ->endpointIdentifier.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:2511:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy((void*)&pDRQ->conferenceID, (void*)&call->confIdentifier,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:2525:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy((void*)&pDRQ->callIdentifier, (void*)&call->callIdentifier,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:2540:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pDRQ->gatekeeperIdentifier.data, pGkClient->gkId.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:2559:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy((char *)pDRQ->terminationCause.u.releaseCompleteCauseIE->data, "Call Ended");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:2890:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char value[MAXFILENAME];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:2981:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
         sprintf(value, "%d.%d.%d.%d:%d",
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.h:185:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char localRASIP[2+8*4+7];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.h:186:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char gkRasIP[2+8*4+7];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.h:187:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char gkCallSignallingIP[2+8*4+7];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooLogChan.h:56:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char dir[10];  /* receive/transmit */
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooLogChan.h:57:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char remoteIP[2+8*4+7];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooLogChan.h:62:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char localIP[2+8*4+7];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:392:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
       memcpy(destAddr, host, strlen(host) + 1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:542:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char hostname[100];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:689:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char addr[50];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:691:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mask[50];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:734:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	 memcpy(&sin, &ifReq.ifr_addr, sizeof(struct sockaddr_in));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:758:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	 memcpy(&sin, &ifReq.ifr_netmask, sizeof(struct sockaddr_in));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:32:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char aCallToken[200];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:36:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf (aCallToken, "ooh323c_o_%d", counter++);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:111:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy((void*)cmd.param3, opts, sizeof(ooCallOptions));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:183:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy((void*)cmd.param3, opts, sizeof(ooCallOptions));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooasn1.h:323:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char         data[255];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/oochannels.c:403:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char callToken[20];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/oochannels.c:404:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char remoteIP[2+8*4+7];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/oochannels.c:457:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(call->remoteIP, remoteIP, strlen(remoteIP) + 1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/oochannels.c:1110:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(message+total, message1, recvLen);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/oochannels.c:1245:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(message+total, message1, recvLen);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/oochannels.c:2007:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[2];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh245.c:1844:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char remoteip[2+8*4+7];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:112:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(msgbuf, facility->fastStart.elem[i].data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:384:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char remoteIP[2+8*4+7] = "";
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:402:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(call->callIdentifier.guid.data, setup->callIdentifier.guid.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:406:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(call->confIdentifier.data, setup->conferenceID.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:528:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(remoteIP, "%d.%d.%d.%d", ip->data[0], ip->data[1],
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:599:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(msgbuf, setup->fastStart.elem[i].data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:696:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(msgbuf, callProceeding->fastStart.elem[i].data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:940:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(msgbuf, alerting->fastStart.elem[i].data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:1189:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(msgbuf, progress->fastStart.elem[i].data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:1456:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(msgbuf, connect->fastStart.elem[i].data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:1999:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(call->pCallFwdData->ip, "%d.%d.%d.%d", ip->data[0],
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2101:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(call->remoteIP, "%d.%d.%d.%d", ipAddress->ip.data[0],
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2244:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(newAlias->value, pAliasAddress->u.dialedDigits,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2283:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(newAlias->value, pAliasAddress->u.url_ID,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2296:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	 sprintf(newAlias->value+strlen(newAlias->value), ":%d", pTransportAddrss->u.ip6Address->port);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2302:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
         sprintf(newAlias->value, "%d.%d.%d.%d:%d",
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2327:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(newAlias->value, pAliasAddress->u.email_ID,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2593:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
       sprintf(newAlias->value+strlen(newAlias->value), ":%d", pTransportAddrss->u.ip6Address->port);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2599:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
       sprintf(newAlias->value, "%d.%d.%d.%d:%d",
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2649:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf(ip, "%d.%d.%d.%d",
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:59:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   gH323ep.fptraceFile = fopen(gH323ep.traceFile, "a");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.h:99:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char   traceFile[MAXFILENAME];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.h:122:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char callingPartyNumber[50];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.h:133:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char signallingIP[2+8*4+7];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:57:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char number[128];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:140:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ie->data, data + offset, alen);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:174:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(display, ie->data,ie->length);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:200:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(number, ie->data+numoffset,ie->length-numoffset);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:219:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(number, ie->data+1,ie->length-1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:283:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Alerting");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:286:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "CallProceeding");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:289:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Connect");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:292:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "ConnectAck");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:295:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Progress");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:298:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Setup");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:301:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "SetupAck");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:304:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Facility");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:307:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "ReleaseComplete");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:310:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "StatusEnquiry");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:313:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Status");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:316:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Information");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:319:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Escape");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:322:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
         sprintf(buf, "<%d>", messageType);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:330:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Bearer-Capability");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:333:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Cause");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:336:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Facility");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:339:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Progress-Indicator");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:342:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Call-State");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:345:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Display");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:348:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Signal");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:351:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Calling-Party-Number");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:354:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Called-Party-Number");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:357:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "Redirecting-Number");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:360:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy(buf, "User-User");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:363:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
         sprintf(buf, "0x%02x", (unsigned)number);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:369:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buf[1000];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:426:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char aCallToken[200];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:430:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf (aCallToken, "ooh323c_%d", counter++);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:567:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(ie->data, msgptr, len);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:747:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(msgbuf+i, pq931Msg->bearerCapabilityIE->data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:757:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(msgbuf+i, pq931Msg->causeIE->data, pq931Msg->causeIE->length);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:776:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(msgbuf+i, call->ourCallerId, ieLen-1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:786:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(msgbuf+i, pq931Msg->callingPartyNumberIE->data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:796:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(msgbuf+i, pq931Msg->calledPartyNumberIE->data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:806:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(msgbuf+i, pq931Msg->keypadIE->data, pq931Msg->keypadIE->length);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:813:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(msgbuf+i, pq931Msg->callstateIE->data, pq931Msg->callstateIE->length);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:838:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy((msgbuf + i), ie->data, ieLen);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:879:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char remoteMediaControlIP[2 + 8 * 4 + 7];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:986:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char remoteMediaIP[2+8*4+7], remoteMediaControlIP[2+8*4+7];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1008:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(pData,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1318:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pData, (*fsElem)[k].data, (*fsElem)[k].numocts);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1413:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(callProceeding->callIdentifier.guid.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1535:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(alerting->callIdentifier.guid.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1648:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(progress->callIdentifier.guid.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1807:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(facility->callIdentifier.guid.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1893:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(facility->callIdentifier.guid.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1998:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(status->callIdentifier.guid.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2064:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(statusInq->callIdentifier.guid.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2152:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(releaseComplete->callIdentifier.guid.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2260:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(connect->callIdentifier.guid.data, call->callIdentifier.guid.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2264:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(connect->conferenceID.data, call->confIdentifier.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2519:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char tmp[2+8*4+7]="\0";
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2587:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      call->remotePort = atoi(port);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3148:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(setup->conferenceID.data, call->confIdentifier.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3159:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(setup->callIdentifier.guid.data, call->callIdentifier.guid.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3256:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(information->callIdentifier.guid.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3292:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char ip[2+8*4+7]="\0", *pcPort=NULL;
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3330:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         call->pCallFwdData->port = atoi(pcPort);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3380:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(facility->callIdentifier.guid.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3522:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(pmsg->keypadIE->data, data, len);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3555:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(pmsg->callingPartyNumberIE->data+2, number, len);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3584:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(pmsg->calledPartyNumberIE->data+1, number, len);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3703:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(facility->callIdentifier.guid.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3954:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char tmp[256], buf[30];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3975:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(buf, "%d.%d.%d.%d:%d", iEk, iDon, iTeen, iChaar, iPort);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:4018:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
         sprintf(buf, "%d.%d.%d.%d:%d", iEk, iDon, iTeen, iChaar, iPort);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ootrace.c:46:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char logMessage[MAXLOGMSGLEN];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ootrace.c:57:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char timeString[100];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ootrace.c:58:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char currtime[3];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ootrace.c:70:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   if(lasttime> atoi(currtime))
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ootrace.c:72:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   lasttime = atoi(currtime);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ootrace.c:76:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char dateString[10];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ootrace.c:81:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   if(lasttime>atoi(currtime))
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ootrace.c:83:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   lasttime = atoi(currtime);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/perutil.c:274:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy (pCharSet->charSet.data, pAlphabet->charSet.data, nocts);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/printHandler.c:126:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char s[numbits + 8];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/printHandler.c:141:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char s[bufsiz];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/printHandler.c:265:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char lbuf[4];
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/printHandler.c:272:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf (lbuf, "%02hhx", (unsigned char)data[i]);
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:86:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char        host[50];
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:87:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char        name[50];
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char        user[50];
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:89:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char        pass[50];
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:90:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char        sock[50];
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:91:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char        charset[50];
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char        unique_name[0];
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:884:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char last[80] = "";
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:933:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (strcmp(last, row[0]) || last_cat_metric != atoi(row[3])) {
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:939:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				last_cat_metric = atoi(row[3]);
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:1273:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		conn->port = atoi(s);
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:1277:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char *paths[3] = { "/tmp/mysql.sock", "/var/lib/mysql/mysql.sock", "/var/run/mysqld/mysqld.sock" };
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:1342:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char set_names[255];
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:1343:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char statement[512];
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:1475:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char status[256], status2[100] = "", type[20];
data/asterisk-16.15.0~dfsg/agi/eagi-sphinx-test.c:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/agi/eagi-sphinx-test.c:115:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char astresp[256];
data/asterisk-16.15.0~dfsg/agi/eagi-sphinx-test.c:116:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char sphinxresp[256];
data/asterisk-16.15.0~dfsg/agi/eagi-sphinx-test.c:117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char audiobuf[4096];
data/asterisk-16.15.0~dfsg/agi/eagi-test.c:27:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/agi/eagi-test.c:64:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char astresp[256];
data/asterisk-16.15.0~dfsg/agi/eagi-test.c:65:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char audiobuf[4096];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:132:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vname[40];  /* Which "variable" is associated with it */
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:137:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char retstr[80]; /* Return string data */
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vname[40];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:148:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[2048];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vname[40];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vname[40];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:162:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vname[40];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:164:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[70];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:189:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char sec[5];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:190:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char desc[19];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:191:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char fdn[5];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:206:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, src, maxlen);
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:207:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		((char *)out)[maxlen] = '\0';
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:277:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmfstr[80], *a;
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:463:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sname[80];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:491:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sname[80];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:654:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *tok, newkey[80];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:656:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char keyid[6];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:701:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *tok, dispname[80];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:801:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subscr[80];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:826:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subscr[80], sname[80];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1024:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *args, vname[256], tmp[80], tmp2[80];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1116:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(state->key->retstr + 3, tmp2, strlen(tmp2));
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1122:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(state->key->retstr + state->key->retstrlen, tmp, strlen(tmp));
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1226:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(disp->data + 5, tmp, strlen(tmp));
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1237:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(disp->data + disp->datalen, tmp, strlen(tmp));
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1372:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256], buf[256], *c;
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1381:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f = fopen(fn, "r"))) {
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1466:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[1024];
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1495:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf + bytes, scr->keys[x].retstr, scr->keys[x].retstrlen);
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1519:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf + bytes, scr->displays[x].data, scr->displays[x].datalen);
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1543:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf + bytes, scr->subs[x].data, scr->subs[x].datalen);
data/asterisk-16.15.0~dfsg/apps/app_agent_pool.c:1200:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmf[AST_FEATURE_MAX_LEN];
data/asterisk-16.15.0~dfsg/apps/app_agent_pool.c:1745:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmf[2];
data/asterisk-16.15.0~dfsg/apps/app_agent_pool.c:1825:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[1024];	/* This should be large enough */
data/asterisk-16.15.0~dfsg/apps/app_agent_pool.c:2530:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id_text[AST_MAX_BUF];
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:138:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[17];
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:188:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char event_spool_dir[128] = {'\0'};
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:189:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char event_app[128] = {'\0'};
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:190:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char db_family[128] = {'\0'};
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:191:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char time_stamp_format[128] = {"%a %b %d, %Y @ %H:%M:%S %Z"};
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:194:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char event_file[14] = "/event-XXXXXX";
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char value[16];
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:327:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char workstring[80];
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:328:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timestamp[80];
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:404:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char workstring[sizeof(event_spool_dir) + sizeof(event_file)] = "";
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:416:8:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
		fd = mkstemp(workstring);
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:615:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char event[17];
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:690:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (ast_tvdiff_ms(ast_tvnow(), call_start_time) > atoi(limit)) {
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:698:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (limit_retries + 1 >= atoi(limit)) {
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:797:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char signalling_type[64] = "";
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:893:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		toneloudness = atoi(value);
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:902:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		fdtimeout = atoi(value);
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:911:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		sdtimeout = atoi(value);
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:920:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		answait = atoi(value);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:179:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char amdCause[256] = "", amdStatus[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_amd.c:219:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			initialSilence = atoi(args.argInitialSilence);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:221:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			greeting = atoi(args.argGreeting);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:223:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			afterGreetingSilence = atoi(args.argAfterGreetingSilence);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:225:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			totalAnalysisTime = atoi(args.argTotalAnalysisTime);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:227:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			minimumWordLength = atoi(args.argMinimumWordLength);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:229:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			betweenWordsSilence = atoi(args.argBetweenWordsSilence);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:231:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			maximumNumberOfWords = atoi(args.argMaximumNumberOfWords);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:233:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			silenceThreshold = atoi(args.argSilenceThreshold);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:235:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			maximumWordLength = atoi(args.argMaximumWordLength);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:296:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(amdStatus, "HANGUP");
data/asterisk-16.15.0~dfsg/apps/app_amd.c:304:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(amdStatus , "NOTSURE");
data/asterisk-16.15.0~dfsg/apps/app_amd.c:307:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(amdCause , "NOAUDIODATA-%d", iTotalTime);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:311:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(amdCause , "TOOLONG-%d", iTotalTime);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:337:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(amdStatus , "NOTSURE");
data/asterisk-16.15.0~dfsg/apps/app_amd.c:338:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(amdCause , "TOOLONG-%d", iTotalTime);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:369:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(amdStatus , "MACHINE");
data/asterisk-16.15.0~dfsg/apps/app_amd.c:370:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(amdCause , "INITIALSILENCE-%d-%d", silenceDuration, initialSilence);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:379:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(amdStatus , "HUMAN");
data/asterisk-16.15.0~dfsg/apps/app_amd.c:380:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(amdCause , "HUMAN-%d-%d", silenceDuration, afterGreetingSilence);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:399:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(amdStatus , "MACHINE");
data/asterisk-16.15.0~dfsg/apps/app_amd.c:400:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(amdCause , "MAXWORDLENGTH-%d", consecutiveVoiceDuration);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:406:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(amdStatus , "MACHINE");
data/asterisk-16.15.0~dfsg/apps/app_amd.c:407:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(amdCause , "MAXWORDS-%d-%d", iWordsCount, maximumNumberOfWords);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:415:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(amdStatus , "MACHINE");
data/asterisk-16.15.0~dfsg/apps/app_amd.c:416:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(amdCause , "LONGGREETING-%d-%d", voiceDuration, greeting);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:439:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(amdStatus , "NOTSURE");
data/asterisk-16.15.0~dfsg/apps/app_amd.c:440:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(amdCause , "TOOLONG-%d", iTotalTime);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:450:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(amdStatus , "NOTSURE");
data/asterisk-16.15.0~dfsg/apps/app_amd.c:451:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(amdCause , "TOOLONG-%d", iTotalTime);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:502:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					dfltInitialSilence = atoi(var->value);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:504:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					dfltGreeting = atoi(var->value);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:506:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					dfltAfterGreetingSilence = atoi(var->value);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:508:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					dfltSilenceThreshold = atoi(var->value);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:510:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					dfltTotalAnalysisTime = atoi(var->value);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:512:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					dfltMinimumWordLength = atoi(var->value);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:514:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					dfltBetweenWordsSilence = atoi(var->value);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:516:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					dfltMaximumNumberOfWords = atoi(var->value);
data/asterisk-16.15.0~dfsg/apps/app_amd.c:518:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					dfltMaximumWordLength = atoi(var->value);
data/asterisk-16.15.0~dfsg/apps/app_attended_transfer.c:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char feature_code[AST_FEATURE_MAX_LEN];
data/asterisk-16.15.0~dfsg/apps/app_authenticate.c:119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char passwd[256], *prompt = "agent-pass", *argcopy = NULL;
data/asterisk-16.15.0~dfsg/apps/app_authenticate.c:147:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		maxdigits = atoi(arglist.maxdigits);
data/asterisk-16.15.0~dfsg/apps/app_authenticate.c:172:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char tmp[256];
data/asterisk-16.15.0~dfsg/apps/app_authenticate.c:183:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[256] = "", md5passwd[33] = "", *md5secret = NULL;
data/asterisk-16.15.0~dfsg/apps/app_authenticate.c:185:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			if (!(f = fopen(arglist.password, "r"))) {
data/asterisk-16.15.0~dfsg/apps/app_bridgewait.c:123:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];                  /*!< Name of the holding bridge wrapper */
data/asterisk-16.15.0~dfsg/apps/app_bridgewait.c:423:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opts[OPT_ARG_ARRAY_SIZE] = { NULL, };
data/asterisk-16.15.0~dfsg/apps/app_chanisavail.c:110:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char trychan[512];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:646:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char inp[24] = {0};
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:780:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char tmp[2];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:807:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				running = atoi(inp);
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:897:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nameprefix[AST_NAME_STRLEN];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:898:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exitcontext[AST_MAX_CONTEXT] = "";
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:938:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char tmp[2];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:981:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char tmp[2];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1032:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char dup_group[512];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1033:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char dup_mygroup[512];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1034:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char *groups[NUM_SPYGROUPS];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1035:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char *mygroups[NUM_SPYGROUPS];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1073:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char ext[AST_CHANNEL_NAME + 3];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1074:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buffer[512];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1099:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char peer_name[AST_NAME_STRLEN + 5];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1102:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(peer_name, "spy-");
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1142:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					if (ptr && (num = atoi(ptr))) {
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1224:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opts[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1298:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1301:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC, AST_FILE_MODE)) <= 0) {
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1356:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char *opts[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1422:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1425:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC, AST_FILE_MODE)) <= 0) {
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:1467:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char taskprocessor_name[AST_TASKPROCESSOR_MAX_NAME + 1];
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:2012:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[0];
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:2320:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pin_guess[MAX_PIN+1] = { 0, };
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:2369:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char destdir[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:2414:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[0];
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:2928:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmf[MAXIMUM_DTMF_FEATURE_STRING];
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:3357:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char flag_str[6 + 1];/* Max flags + terminator */
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:3842:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id_text[80];
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:3886:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id_text[512] = "";
data/asterisk-16.15.0~dfsg/apps/app_controlplayback.c:202:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char offsetbuf[20];
data/asterisk-16.15.0~dfsg/apps/app_controlplayback.c:203:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stopkeybuf[2];
data/asterisk-16.15.0~dfsg/apps/app_controlplayback.c:206:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opt_args[OPT_ARG_ARRAY_LEN];
data/asterisk-16.15.0~dfsg/apps/app_controlplayback.c:231:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	skipms = args.skip ? (atoi(args.skip) ? atoi(args.skip) : 3000) : 3000;
data/asterisk-16.15.0~dfsg/apps/app_controlplayback.c:231:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	skipms = args.skip ? (atoi(args.skip) ? atoi(args.skip) : 3000) : 3000;
data/asterisk-16.15.0~dfsg/apps/app_controlplayback.c:258:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			offsetms = atol(opt_args[OPT_ARG_OFFSET]);
data/asterisk-16.15.0~dfsg/apps/app_dahdiras.c:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *argv[PPP_MAX_ARGS];
data/asterisk-16.15.0~dfsg/apps/app_dial.c:813:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/apps/app_dial.c:882:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rexten[2] = { exten, '\0' };
data/asterisk-16.15.0~dfsg/apps/app_dial.c:933:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpchan[256];
data/asterisk-16.15.0~dfsg/apps/app_dial.c:934:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char forwarder[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char privcid[256];
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char privintro[1024];
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char status[256];
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1190:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1191:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char full_var_name[128];
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1239:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(pa->status, "CONGESTION");
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1271:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(pa->status, "BUSY");
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1273:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(pa->status, "CONGESTION");
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1275:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(pa->status, "CHANUNAVAIL");
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1698:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(pa->status, "CANCEL");
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1722:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
						strcpy(pa->status, "CANCEL");
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1738:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(pa->status, "CANCEL");
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1855:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char disconnect_code[AST_FEATURE_MAX_LEN];
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2033:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callerid[60];
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opt_args[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2247:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2248:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char forced_clid_name[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2249:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stored_clid_name[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2331:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		delprivintro = atoi(opt_args[OPT_ARG_SCREEN_NOINTRO]);
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2344:64:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		opermode = ast_strlen_zero(opt_args[OPT_ARG_OPERMODE]) ? 1 : atoi(opt_args[OPT_ARG_OPERMODE]);
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2349:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		calldurationlimit.tv_sec = atoi(opt_args[OPT_ARG_DURATION_STOP]);
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2720:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(pa.status, "CHANUNAVAIL");
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2792:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		to = atoi(args.timeout);
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2803:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(pa.status, "CHANUNAVAIL");
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2810:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(pa.status, "NOANSWER");
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2894:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(pa.status, "ANSWER");
data/asterisk-16.15.0~dfsg/apps/app_dial.c:3347:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (!ast_strlen_zero(args.sleep) && (sleepms = atoi(args.sleep)))
data/asterisk-16.15.0~dfsg/apps/app_dial.c:3351:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		loops = atoi(args.retries);
data/asterisk-16.15.0~dfsg/apps/app_dictate.c:95:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dftbase[256];
data/asterisk-16.15.0~dfsg/apps/app_directory.c:168:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION + 1];
data/asterisk-16.15.0~dfsg/apps/app_directory.c:169:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[AST_MAX_EXTENSION + 1];
data/asterisk-16.15.0~dfsg/apps/app_directory.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT + 1];
data/asterisk-16.15.0~dfsg/apps/app_directory.c:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[50]; /* Text to order items. Either lastname+firstname or firstname+lastname */
data/asterisk-16.15.0~dfsg/apps/app_directory.c:338:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		opt_pause = atoi(opts[OPT_ARG_PAUSE]);
data/asterisk-16.15.0~dfsg/apps/app_directory.c:399:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[7+12]; /* INT_MIN has a length of 12 chars */
data/asterisk-16.15.0~dfsg/apps/app_directory.c:775:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ext[10] = "";
data/asterisk-16.15.0~dfsg/apps/app_directory.c:852:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *parse, *opts[OPT_ARG_ARRAY_SIZE] = { 0, };
data/asterisk-16.15.0~dfsg/apps/app_directory.c:856:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char digits[9] = "digits/3";
data/asterisk-16.15.0~dfsg/apps/app_directory.c:888:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			digit = atoi(opts[OPT_ARG_EITHER]);
data/asterisk-16.15.0~dfsg/apps/app_directory.c:893:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			digit = atoi(opts[OPT_ARG_FIRSTNAME]);
data/asterisk-16.15.0~dfsg/apps/app_directory.c:898:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			digit = atoi(opts[OPT_ARG_LASTNAME]);
data/asterisk-16.15.0~dfsg/apps/app_disa.c:152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *tmp, exten[AST_MAX_EXTENSION] = "", acctcode[20]="";
data/asterisk-16.15.0~dfsg/apps/app_disa.c:153:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pwline[256];
data/asterisk-16.15.0~dfsg/apps/app_disa.c:154:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ourcidname[256],ourcidnum[256];
data/asterisk-16.15.0~dfsg/apps/app_disa.c:261:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
						fp = fopen(args.passcode,"r");
data/asterisk-16.15.0~dfsg/apps/app_dumpchan.c:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cgrp[256];
data/asterisk-16.15.0~dfsg/apps/app_dumpchan.c:75:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pgrp[256];
data/asterisk-16.15.0~dfsg/apps/app_dumpchan.c:175:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char info[2048];
data/asterisk-16.15.0~dfsg/apps/app_dumpchan.c:180:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		level = atoi(data);
data/asterisk-16.15.0~dfsg/apps/app_externalivr.c:131:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[1];
data/asterisk-16.15.0~dfsg/apps/app_externalivr.c:395:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opts[0];
data/asterisk-16.15.0~dfsg/apps/app_externalivr.c:630:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char input[1024];
data/asterisk-16.15.0~dfsg/apps/app_externalivr.c:836:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 				char response[2048];
data/asterisk-16.15.0~dfsg/apps/app_fax.c:213:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[20];
data/asterisk-16.15.0~dfsg/apps/app_festival.c:183:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char offset[AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/apps/app_festival.c:184:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char frdata[2048];
data/asterisk-16.15.0~dfsg/apps/app_festival.c:294:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ack[4];
data/asterisk-16.15.0~dfsg/apps/app_festival.c:297:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bigstring[MAXFESTLEN];
data/asterisk-16.15.0~dfsg/apps/app_festival.c:300:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char MD5Res[16];
data/asterisk-16.15.0~dfsg/apps/app_festival.c:301:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char MD5Hex[33] = "";
data/asterisk-16.15.0~dfsg/apps/app_festival.c:302:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char koko[4] = "";
data/asterisk-16.15.0~dfsg/apps/app_festival.c:303:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cachefile[MAXFESTLEN]="";
data/asterisk-16.15.0~dfsg/apps/app_festival.c:308:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[16384];
data/asterisk-16.15.0~dfsg/apps/app_festival.c:339:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		port = atoi(temp);
data/asterisk-16.15.0~dfsg/apps/app_festival.c:438:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fdesc = open(cachefile, O_RDWR);
data/asterisk-16.15.0~dfsg/apps/app_festival.c:440:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			fdesc = open(cachefile, O_CREAT | O_RDWR, AST_FILE_MODE);
data/asterisk-16.15.0~dfsg/apps/app_festival.c:499:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(cachefile, O_RDWR);
data/asterisk-16.15.0~dfsg/apps/app_followme.c:155:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char number[512];	/*!< Phone Number(s) and/or Extension(s) */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:164:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[AST_MAX_EXTENSION];	/*!< Name - FollowMeID */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:165:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char moh[MAX_MUSICCLASS];	/*!< Music On Hold Class to be used */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:166:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];  /*!< Context to dial from */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char takecall[MAX_YN_STRING];	/*!< Digit mapping to take a call */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:172:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nextindp[MAX_YN_STRING];	/*!< Digit mapping to decline a call */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:173:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callfromprompt[PATH_MAX];	/*!< Sound prompt name and path */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:174:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char norecordingprompt[PATH_MAX];	/*!< Sound prompt name and path */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:175:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char optionsprompt[PATH_MAX];	/*!< Sound prompt name and path */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:176:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char plsholdprompt[PATH_MAX];	/*!< Sound prompt name and path */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:177:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char statusprompt[PATH_MAX];	/*!< Sound prompt name and path */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:178:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sorryprompt[PATH_MAX];	/*!< Sound prompt name and path */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:179:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char connprompt[PATH_MAX];	/*!< Sound prompt name and path */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:205:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char suggested_moh[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/apps/app_followme.c:206:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/apps/app_followme.c:207:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char namerecloc[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_followme.c:208:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char takecall[MAX_YN_STRING];	/*!< Digit mapping to take a call */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nextindp[MAX_YN_STRING];	/*!< Digit mapping to decline a call */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:210:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callfromprompt[PATH_MAX];	/*!< Sound prompt name and path */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char norecordingprompt[PATH_MAX];	/*!< Sound prompt name and path */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:212:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char optionsprompt[PATH_MAX];	/*!< Sound prompt name and path */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:213:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char plsholdprompt[PATH_MAX];	/*!< Sound prompt name and path */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:214:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char statusprompt[PATH_MAX];	/*!< Sound prompt name and path */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:215:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sorryprompt[PATH_MAX];	/*!< Sound prompt name and path */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:216:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char connprompt[PATH_MAX];	/*!< Sound prompt name and path */
data/asterisk-16.15.0~dfsg/apps/app_followme.c:227:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialarg[768];
data/asterisk-16.15.0~dfsg/apps/app_followme.c:229:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char yn[MAX_YN_STRING];
data/asterisk-16.15.0~dfsg/apps/app_followme.c:273:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char takecall[MAX_YN_STRING] = "1";
data/asterisk-16.15.0~dfsg/apps/app_followme.c:274:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char nextindp[MAX_YN_STRING] = "2";
data/asterisk-16.15.0~dfsg/apps/app_followme.c:276:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char callfromprompt[PATH_MAX] = "followme/call-from";
data/asterisk-16.15.0~dfsg/apps/app_followme.c:277:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char norecordingprompt[PATH_MAX] = "followme/no-recording";
data/asterisk-16.15.0~dfsg/apps/app_followme.c:278:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char optionsprompt[PATH_MAX] = "followme/options";
data/asterisk-16.15.0~dfsg/apps/app_followme.c:279:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char plsholdprompt[PATH_MAX] = "followme/pls-hold-while-try";
data/asterisk-16.15.0~dfsg/apps/app_followme.c:280:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char statusprompt[PATH_MAX] = "followme/status";
data/asterisk-16.15.0~dfsg/apps/app_followme.c:281:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char sorryprompt[PATH_MAX] = "followme/sorry";
data/asterisk-16.15.0~dfsg/apps/app_followme.c:282:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char connprompt[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_followme.c:538:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char copy[strlen(var->value) + 1];
data/asterisk-16.15.0~dfsg/apps/app_followme.c:546:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					timeout = atoi(tmp);
data/asterisk-16.15.0~dfsg/apps/app_followme.c:552:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						numorder = atoi(tmp);
data/asterisk-16.15.0~dfsg/apps/app_followme.c:1037:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char num[512];
data/asterisk-16.15.0~dfsg/apps/app_followme.c:1308:67:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if ((cur = create_followme_number(ast_str_buffer(str), timeout, atoi(ordstr)))) {
data/asterisk-16.15.0~dfsg/apps/app_followme.c:1320:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[80];
data/asterisk-16.15.0~dfsg/apps/app_followme.c:1353:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opt_args[FOLLOWMEFLAG_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_followme.c:1581:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char fn[PATH_MAX + sizeof(REC_FORMAT)];
data/asterisk-16.15.0~dfsg/apps/app_getcpeid.c:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *tmp[5];
data/asterisk-16.15.0~dfsg/apps/app_getcpeid.c:70:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char cpeid[4];
data/asterisk-16.15.0~dfsg/apps/app_getcpeid.c:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *data[4];
data/asterisk-16.15.0~dfsg/apps/app_getcpeid.c:80:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(data[0], "** CPE Info **");
data/asterisk-16.15.0~dfsg/apps/app_getcpeid.c:81:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(data[1], "Identifying CPE...");
data/asterisk-16.15.0~dfsg/apps/app_getcpeid.c:82:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(data[2], "Please wait...");
data/asterisk-16.15.0~dfsg/apps/app_getcpeid.c:93:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(data[1], "Measuring CPE...");
data/asterisk-16.15.0~dfsg/apps/app_getcpeid.c:94:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(data[2], "Please wait...");
data/asterisk-16.15.0~dfsg/apps/app_getcpeid.c:107:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(data[1], "CPEID Unknown");
data/asterisk-16.15.0~dfsg/apps/app_getcpeid.c:111:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(data[2], "Geometry unknown");
data/asterisk-16.15.0~dfsg/apps/app_getcpeid.c:112:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(data[3], "Press # to exit");
data/asterisk-16.15.0~dfsg/apps/app_ices.c:118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[256]="";
data/asterisk-16.15.0~dfsg/apps/app_ices.c:153:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	if (((char *)data)[0] == '/')
data/asterisk-16.15.0~dfsg/apps/app_jack.c:712:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *option_args[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_macro.c:175:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char varname[10];
data/asterisk-16.15.0~dfsg/apps/app_macro.c:242:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullmacro[80];
data/asterisk-16.15.0~dfsg/apps/app_macro.c:243:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char varname[80];
data/asterisk-16.15.0~dfsg/apps/app_macro.c:244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char runningapp[80], runningdata[1024];
data/asterisk-16.15.0~dfsg/apps/app_macro.c:245:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *oldargs[MAX_ARGS + 1] = { NULL, };
data/asterisk-16.15.0~dfsg/apps/app_macro.c:248:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oldexten[256]="";
data/asterisk-16.15.0~dfsg/apps/app_macro.c:250:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pc[80], depthc[12];
data/asterisk-16.15.0~dfsg/apps/app_macro.c:251:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oldcontext[AST_MAX_CONTEXT] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:833:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char namerecloc[PATH_MAX];				/*!< Name Recorded file Location */
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:834:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char language[MAX_LANGUAGE];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:845:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char confno[MAX_CONFNUM];               /*!< Conference */
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:865:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pin[MAX_PIN];                      /*!< If protected by a PIN */
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:866:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pinadmin[MAX_PIN];                 /*!< If protected by a admin PIN */
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:867:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uniqueid[32];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:903:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char usrvalue[50];                      /*!< Custom User Value */
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:904:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char namerecloc[PATH_MAX];		/*!< Name Recorded file Location */
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:1652:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	cnf->fd = open("/dev/dahdi/pseudo", O_RDWR);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:1746:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char usrno[50];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:2157:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char ring_timeout[16] = "(none)";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:2231:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char ring_timeout[16] = "(none)";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:2232:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char ring_delay[16] = "(none)";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:2261:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(ring_timeout, "(none)");
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:2267:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(ring_delay, "(none)");
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:2525:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char currenttime[32];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:2526:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char endtime[32];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:2530:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bookid[51];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:2620:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char meetmesecs[30] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3210:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exitcontext[AST_MAX_CONTEXT] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char recordingtmp[AST_MAX_EXTENSION * 2] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3212:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char members[10] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3216:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char __buf[CONF_SIZE + AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3252:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		calldurationlimit = atoi(optargs[OPT_ARG_DURATION_STOP]);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3265:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		timelimit = atol(limit_str);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3267:19:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			play_warning = atol(warning_str);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3269:19:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			warning_freq = atol(warnfreq_str);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3441:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char destdir[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3610:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open("/dev/dahdi/pseudo", O_RDWR | O_NONBLOCK);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3773:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char currenttime[32];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4119:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char dtmfstr[2] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4524:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char recordingfilename[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4525:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char recordingformat[11] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4526:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char currenttime[32] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4527:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char eatime[32] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4528:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char bookid[51] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4529:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char recordingtmp[AST_MAX_EXTENSION * 2] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4530:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char useropts[OPTIONS_LEN + 1] = ""; /* Used for RealTime conferences */
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4531:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char adminopts[OPTIONS_LEN + 1] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4599:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				maxusers = atoi(var->value);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4741:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char parse[MAX_SETTINGS];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4798:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char val[80] = "0";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4840:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char confno[MAX_CONFNUM] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4850:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *info, the_pin[MAX_PIN] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4856:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *optargs[OPT_ARG_ARRAY_SIZE] = { NULL, };
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4908:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char parse[MAX_SETTINGS], *stringp = parse, *confno_tmp;
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:5067:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char pin[MAX_PIN] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:5525:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idText[80] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:5596:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idText[80] = "";
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:5601:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char markedusers[5];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:5622:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(markedusers, "N/A");
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:5624:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(markedusers, "%.4d", cnf->markedusers);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:5690:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename_buffer[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:6118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[80];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:6858:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char conf_name[MAX_CONFNUM];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:7011:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char conf_name[MAX_CONFNUM];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:7230:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char conf_name[MAX_CONFNUM];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:7239:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opts[SLA_TRUNK_OPT_ARG_ARRAY_SIZE] = { NULL, };
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:7390:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:7391:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char hint[AST_MAX_APP];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:7728:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:7729:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char hint[AST_MAX_APP];
data/asterisk-16.15.0~dfsg/apps/app_milliwatt.c:79:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[AST_FRIENDLY_OFFSET + 640];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:558:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char MVM_SPOOL_DIR[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:601:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char username[AST_MAX_CONTEXT];	/*!< Mailbox username */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:602:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char domain[AST_MAX_CONTEXT];	/*!< Voicemail domain */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:604:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pincode[10];		/*!< Secret pin code, numbers only */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:605:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullname[120];		/*!< Full name, for directory app */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:606:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char email[80];			/*!< E-mail address - override */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:607:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pager[80];			/*!< E-mail address to pager (no attachment) */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:608:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char accountcode[AST_MAX_ACCOUNT_CODE];	/*!< Voicemail account account code */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:609:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char serveremail[80];		/*!< From: Mail address */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:610:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char externnotify[160];		/*!< Configurable notification command */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:611:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char language[MAX_LANGUAGE];    /*!< Config: Language setting */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:612:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zonetag[80];		/*!< Time zone */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:613:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uniqueid[20];		/*!< Unique integer identifier */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:614:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exit[80];			/*!< Options for exiting from voicemail() */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:615:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char attachfmt[80];		/*!< Format for voicemail audio file attachment */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:616:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char etemplate[80];		/*!< Pager template */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:617:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ptemplate[80];		/*!< Voicemail format */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:634:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	name[80];		/*!< Template name */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:636:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fromaddress[100];	/*!< Who's sending the e-mail? */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:637:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	serveremail[80];	/*!< From: Mail address */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:638:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	subject[100];		/*!< Subject line */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:639:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	charset[32];		/*!< Default character set for this template */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:640:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	locale[20];		/*!< Locale for setlocale() */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:641:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	dateformat[80];		/*!< Date format to use in this attachment */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:661:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char iobuf[B64_BASEMAXINLINE];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:666:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];				/*!< Name of this time zone */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:667:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timezone[80];			/*!< Timezone definition */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:668:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg_format[BUFSIZ];		/*!< Not used in minivm ...yet */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:699:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char global_mailcmd[160];	/*!< Configurable mail cmd */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:700:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char global_externnotify[160]; 	/*!< External notification application */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:701:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char global_logfile[PATH_MAX];	/*!< Global log file for messages */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:702:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_vmformat[80];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:907:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char dtable[B64_BASEMAXINLINE];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:915:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(fi = fopen(filename, "rb"))) {
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:937:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char igroup[3], ogroup[4];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1004:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callerid[256];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1115:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[MAXHOSTNAMELEN];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char email[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1241:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char who[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1242:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date[256];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1243:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bound[256];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1245:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dur[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1246:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80] = "/tmp/astmail-XXXXXX";
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1247:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mail_cmd_buffer[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1248:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sox_gain_tmpdir[PATH_MAX] = ""; /* Only used with volgain */
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1283:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char sox_gain_cmd[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1308:8:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	pfd = mkstemp(tmp);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1369:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char host[MAXHOSTNAMELEN];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1576:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1778:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fquser[AST_MAX_CONTEXT * 2];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1779:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *argv[5] = { NULL };
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1820:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oldlocale[100];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1914:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmptxtfile[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1915:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callerid[256];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1920:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date[256];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1921:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpdir[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1922:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ext_context[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1923:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt[80];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1925:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1974:11:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	txtdes = mkstemp(tmptxtfile);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2003:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char timebuf[30];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2004:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char logbuf[BUFSIZ];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *argv[4];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2105:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2129:63:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	queue_mwi_event(ast_channel_uniqueid(chan), mailbox, domain, atoi(argv[1]), atoi(argv[2]), atoi(argv[3]));
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2129:78:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	queue_mwi_event(ast_channel_uniqueid(chan), mailbox, domain, atoi(argv[1]), atoi(argv[2]), atoi(argv[3]));
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2129:93:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	queue_mwi_event(ast_channel_uniqueid(chan), mailbox, domain, atoi(argv[1]), atoi(argv[2]), atoi(argv[3]));
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *argv[2];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2195:59:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		res = notify_new_message(chan, template, vmu, filename, atoi(duration_string),
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2221:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *argv[2];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2223:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opts[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2272:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *argv[2];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2274:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opts[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2279:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2280:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2281:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefile[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2282:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tempfile[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2283:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ext_context[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2285:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ecodes[16] = "#";
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2461:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[BUFSIZ];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2499:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *argv[2];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2500:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2501:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2507:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opts[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2599:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char accbuf[BUFSIZ];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2655:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char varname[strlen(var->value) + 1];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2740:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZ * 6];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2741:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char readbuf[BUFSIZ];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2742:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filenamebuf[BUFSIZ];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2755:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(fi = fopen(filenamebuf, "r"))) {
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2815:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			global_maxgreet = atoi(var->value);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2817:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			global_maxsilence = atoi(var->value);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2832:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			global_silencethreshold = atoi(var->value);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2993:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		minivmlogfile = fopen(global_logfile, "a");
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:3099:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:3188:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZ];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:3321:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[BUFSIZ];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:3322:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char readbuf[BUFSIZ];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:3332:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		counterfile = fopen(filename, "r");
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:3336:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				old = counter = atoi(readbuf);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:3358:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	counterfile = fopen(filename, "w");
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:3375:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char userpath[BUFSIZ];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:3428:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char userpath[BUFSIZ];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:3434:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	change = atoi(value);
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:314:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mailbox[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:315:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:316:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char folder[80];
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:873:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char postprocess2[1024] = "";
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:949:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char callerid[256];
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:1033:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ext, ".WAV", sizeof(".WAV"));
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:1049:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename_buffer[1024] = "";
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:1051:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char beep_id[64] = "";
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:1072:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char *opts[OPT_ARG_ARRAY_SIZE] = { NULL, };
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:1380:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char args[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:1404:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opts[OPT_ARG_ARRAY_SIZE] = { NULL, };
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:1409:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char args[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_morsecode.c:117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmf[20];
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sampling_rate_str[8];
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:100:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buffer_size_str[8];
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:110:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buffer_size_str[8];
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:184:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char offset[AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/apps/app_nbscat.c:122:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char offset[AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/apps/app_originate.c:159:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opt_args[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:538:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[OSP_SIZE_NORSTR];						/* OSP provider context name */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:539:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char privatekey[OSP_SIZE_NORSTR];				/* OSP private key file name */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:540:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localcert[OSP_SIZE_NORSTR];				/* OSP local cert file name */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:542:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cacerts[OSP_MAX_CERTS][OSP_SIZE_NORSTR];	/* Cacert file names */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:544:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char spoints[OSP_MAX_SPOINTS][OSP_SIZE_NORSTR];	/* Service point URLs */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:549:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char source[OSP_SIZE_NORSTR];					/* IP of self */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:559:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[OSP_SIZE_NORSTR];		/* Call ID string */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:586:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char intech[OSP_SIZE_TECHSTR];						/* Inbound Asterisk TECH string */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:587:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char outtech[OSP_SIZE_TECHSTR];						/* Outbound Asterisk TECH string */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:588:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[OSP_SIZE_NORSTR];							/* Outbound destination IP address */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:589:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char calling[OSP_SIZE_NORSTR];						/* Outbound calling number, may be translated */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:590:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char called[OSP_SIZE_NORSTR];						/* Outbound called number, may be translated */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:591:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char token[OSP_SIZE_TOKSTR];						/* Outbound OSP token */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:592:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char networkid[OSP_SIZE_NORSTR];					/* Outbound network ID */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:593:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nprn[OSP_SIZE_NORSTR];							/* Outbound NP routing number */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:594:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char npcic[OSP_SIZE_NORSTR];						/* Outbound NP carrier identification code */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:596:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char opname[OSPC_OPNAME_NUMBER][OSP_SIZE_NORSTR];	/* Outbound Operator names */
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:656:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char privatekeydata[OSP_SIZE_KEYSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:657:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char localcertdata[OSP_SIZE_KEYSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:658:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char cacertdata[OSP_SIZE_KEYSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:998:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[OSP_SIZE_NORSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1037:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[OSP_SIZE_NORSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1092:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char tokenstr[OSP_SIZE_TOKSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1093:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char src[OSP_SIZE_OUTSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1094:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[OSP_SIZE_OUTSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1184:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[OSP_SIZE_NORSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1341:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[OSP_SIZE_NORSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1405:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(uuid, tmp, OSP_SIZE_UUID);
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1515:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char source[OSP_SIZE_NORSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1516:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callingnum[OSP_SIZE_NORSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1517:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callednum[OSP_SIZE_NORSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1518:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char destination[OSP_SIZE_NORSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1521:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char token[OSP_SIZE_TOKSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1522:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char src[OSP_SIZE_OUTSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1523:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dev[OSP_SIZE_OUTSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1524:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[OSP_SIZE_OUTSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1529:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[OSP_SIZE_OUTSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1806:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char calling[OSP_SIZE_NORSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1807:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char called[OSP_SIZE_NORSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1808:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[OSP_SIZE_NORSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1810:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char token[OSP_SIZE_TOKSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1978:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[OSP_SIZE_NORSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2269:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[OSP_SIZE_INTSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2354:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[OSP_SIZE_TOKSTR + strlen(": ") + strlen(OSP_SIP_HEADER)];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2640:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[OSP_SIZE_TOKSTR + strlen(": ") + strlen(OSP_SIP_HEADER)];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2824:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[OSP_SIZE_INTSTR];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2825:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char inqos[OSP_SIZE_QOSSTR] = { 0 };
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2826:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char outqos[OSP_SIZE_QOSSTR] = { 0 };
data/asterisk-16.15.0~dfsg/apps/app_page.c:165:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opts[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_page.c:254:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char confbridgeopts[128];
data/asterisk-16.15.0~dfsg/apps/app_page.c:255:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char originator[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/apps/app_page.c:292:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		timeout = atoi(args.timeout);
data/asterisk-16.15.0~dfsg/apps/app_playback.c:233:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char fn[128];
data/asterisk-16.15.0~dfsg/apps/app_playback.c:258:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char fn2[sizeof(fn)];
data/asterisk-16.15.0~dfsg/apps/app_playback.c:304:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64];
data/asterisk-16.15.0~dfsg/apps/app_playback.c:314:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64];
data/asterisk-16.15.0~dfsg/apps/app_playback.c:323:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/asterisk-16.15.0~dfsg/apps/app_privacy.c:94:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char phone[30];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:1547:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char interface[256];			/*!< An Asterisk dial string (not a channel name) */
data/asterisk-16.15.0~dfsg/apps/app_queue.c:1568:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char moh[MAX_MUSICCLASS];              /*!< Name of musiconhold to be used */
data/asterisk-16.15.0~dfsg/apps/app_queue.c:1569:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char announce[PATH_MAX];               /*!< Announcement to play for member when call is answered */
data/asterisk-16.15.0~dfsg/apps/app_queue.c:1570:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];         /*!< Context when user exits queue */
data/asterisk-16.15.0~dfsg/apps/app_queue.c:1571:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char digits[AST_MAX_EXTENSION];        /*!< Digits entered while in queue */
data/asterisk-16.15.0~dfsg/apps/app_queue.c:1599:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char interface[AST_CHANNEL_NAME];    /*!< Technology/Location to dial to reach this member*/
data/asterisk-16.15.0~dfsg/apps/app_queue.c:1600:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char state_exten[AST_MAX_EXTENSION]; /*!< Extension to get state from (if using hint) */
data/asterisk-16.15.0~dfsg/apps/app_queue.c:1601:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char state_context[AST_MAX_CONTEXT]; /*!< Context to use when getting state (if using hint) */
data/asterisk-16.15.0~dfsg/apps/app_queue.c:1602:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char state_interface[AST_CHANNEL_NAME]; /*!< Technology/Location from which to read devicestate changes */
data/asterisk-16.15.0~dfsg/apps/app_queue.c:1604:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char membername[80];                 /*!< Member name to use in queue logs */
data/asterisk-16.15.0~dfsg/apps/app_queue.c:1611:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char reason_paused[80];              /*!< Reason of paused if member is paused */
data/asterisk-16.15.0~dfsg/apps/app_queue.c:1621:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rt_uniqueid[80];                /*!< Unique id of realtime member entry */
data/asterisk-16.15.0~dfsg/apps/app_queue.c:1739:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char monfmt[8];                     /*!< Format to use when recording calls */
data/asterisk-16.15.0~dfsg/apps/app_queue.c:1765:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:1934:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char interfacevar[256]="";
data/asterisk-16.15.0~dfsg/apps/app_queue.c:2515:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char interface[80], *slash_pos;
data/asterisk-16.15.0~dfsg/apps/app_queue.c:2925:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if ((penaltychangetime = atoi(timestr)) < 0) {
data/asterisk-16.15.0~dfsg/apps/app_queue.c:2939:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	rule->max_value = atoi(maxstr);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:2945:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		rule->min_value = atoi(minstr);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:2954:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		rule->raise_value = atoi(raisestr);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3154:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		q->timeout = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3197:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		q->announcefrequency = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3201:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		q->minannouncefrequency = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3204:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		q->roundingseconds = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3239:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		q->announcepositionlimit = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3261:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		q->periodicannouncefrequency = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3267:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		q->retry = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3272:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		q->wrapuptime = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3286:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		q->autopausedelay = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3292:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		q->maxlen = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3297:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		q->servicelevel= atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3326:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		q->memberdelay = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3328:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		q->weight = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3424:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		penalty = atoi(penalty_str);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3433:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		paused = atoi(paused_str);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3440:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		wrapuptime = atoi(wrapuptime_str);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3569:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpbuf[64];	/* Must be longer than the longest queue param name. */
data/asterisk-16.15.0~dfsg/apps/app_queue.c:4168:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char posstr[20];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:4482:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tech[256];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:4950:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char on[80] = "";
data/asterisk-16.15.0~dfsg/apps/app_queue.c:4951:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char membername[80] = "";
data/asterisk-16.15.0~dfsg/apps/app_queue.c:5018:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char ochan_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:5071:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char forwarder[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:5072:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char tmpchan[256];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:5541:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char max_penalty_str[20];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:5562:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char min_penalty_str[20];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:5588:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char raise_penalty_str[20];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:6621:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char escaped[size];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:6650:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char escaped_filename[256];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:6651:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file_with_ext[sizeof(escaped_filename) + sizeof(qe->parent->monfmt)];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:6652:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mixmonargs[1512];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:6653:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char escaped_monitor_exec[1024];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:6727:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oldexten[AST_MAX_EXTENSION]="";
data/asterisk-16.15.0~dfsg/apps/app_queue.c:6728:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oldcontext[AST_MAX_CONTEXT]="";
data/asterisk-16.15.0~dfsg/apps/app_queue.c:6729:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char queuename[256]="";
data/asterisk-16.15.0~dfsg/apps/app_queue.c:6747:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpid[256];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:7597:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char rtpenalty[80];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:7599:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(rtpenalty, "%i", penalty);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:8068:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		wrapuptime = atoi(tmp);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:8216:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opt_args[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:8259:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		qe.expire = qe.start + atoi(args.queuetimeoutstr);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:8332:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		position = atoi(args.position);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:8559:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char interfacevar[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_queue.c:8775:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	memvalue = atoi(value);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:9063:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	penalty = atoi(value);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:9269:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		penalty = atoi(tmp);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:9310:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		wrapuptime = atoi(tmp);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:9997:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idText[256];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:10073:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idText[256];
data/asterisk-16.15.0~dfsg/apps/app_queue.c:10403:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(num, "%d", state);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:10467:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	penalty = atoi(penalty_s);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:10941:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	penalty = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:11149:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		newtalktime = atoi(args.talktime);
data/asterisk-16.15.0~dfsg/apps/app_read.c:130:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_read.c:163:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		tries = atoi(arglist.attempts);
data/asterisk-16.15.0~dfsg/apps/app_read.c:180:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		maxdigits = atoi(arglist.maxdigits);
data/asterisk-16.15.0~dfsg/apps/app_readexten.c:122:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_readexten.c:165:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		timeout = atoi(arglist.timeout);
data/asterisk-16.15.0~dfsg/apps/app_record.c:190:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char directory[PATH_MAX], *file_sep;
data/asterisk-16.15.0~dfsg/apps/app_record.c:227:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_sayunixtime.c:132:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opt_args[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_skel.c:386:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *parse, *opts[OPTION_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_skel.c:448:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[buflen];
data/asterisk-16.15.0~dfsg/apps/app_sms.c:122:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char log_file[255];
data/asterisk-16.15.0~dfsg/apps/app_sms.c:142:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char wavea[80];
data/asterisk-16.15.0~dfsg/apps/app_sms.c:225:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char queue[30];              /*!< queue name */
data/asterisk-16.15.0~dfsg/apps/app_sms.c:226:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oa[20];                 /*!< originating address */
data/asterisk-16.15.0~dfsg/apps/app_sms.c:227:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char da[20];                 /*!< destination address */
data/asterisk-16.15.0~dfsg/apps/app_sms.c:239:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char udh[SMSLEN];   /*!< user data header */
data/asterisk-16.15.0~dfsg/apps/app_sms.c:240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cli[20];                /*!< caller ID */
data/asterisk-16.15.0~dfsg/apps/app_sms.c:249:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char omsg[256];     /*!< data buffer (out) */
data/asterisk-16.15.0~dfsg/apps/app_sms.c:250:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char imsg[250];     /*!< data buffer (in) */
data/asterisk-16.15.0~dfsg/apps/app_sms.c:277:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char udtxt[SMSLEN];          /*!< user data (message), PLAIN text */
data/asterisk-16.15.0~dfsg/apps/app_sms.c:374:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char dummy[SMSLEN];
data/asterisk-16.15.0~dfsg/apps/app_sms.c:449:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char dummy[SMSLEN_8];
data/asterisk-16.15.0~dfsg/apps/app_sms.c:488:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char dummy[SMSLEN_8];
data/asterisk-16.15.0~dfsg/apps/app_sms.c:781:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	o = open(log_file, O_CREAT | O_APPEND | O_WRONLY, AST_FILE_MODE);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:783:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char line[1000], mrs[3] = "", *p;
data/asterisk-16.15.0~dfsg/apps/app_sms.c:784:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[30];
data/asterisk-16.15.0~dfsg/apps/app_sms.c:829:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[1000];
data/asterisk-16.15.0~dfsg/apps/app_sms.c:837:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	s = fopen(fn, "r");
data/asterisk-16.15.0~dfsg/apps/app_sms.c:863:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(h->udtxt, p, SMSLEN); /* for protocol 2 */
data/asterisk-16.15.0~dfsg/apps/app_sms.c:880:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						h->pid = atoi(p);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:882:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						h->dcs = atoi(p);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:885:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						h->mr = atoi(p);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:887:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						h->srr = (atoi(p) ? 1 : 0);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:889:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						h->vp = atoi(p);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:891:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						h->rp = (atoi(p) ? 1 : 0);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1000:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[200] = "", fn2[200] = "";
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1001:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[30];
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1012:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((o = fopen(fn, "w")) == NULL) {
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1072:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char datebuf[30];
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1217:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stm[45];
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1226:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(stm, "%02d%02d%02d%02d", tm.tm_mon + 1, tm.tm_mday, tm.tm_hour, tm.tm_min);  /* Date mmddHHMM */
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1229:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(h->oa, "00000000");
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1238:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(h->da, "00000000");
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1255:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(p, "%02hhX ", (unsigned char)buf[f]);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1268:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char debug_buf[MAX_DEBUG_LEN * 3 + 1];
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1444:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[100 + NAME_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1487:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char txt[259 * 3 + 1];
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1493:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(p, " %02hhX", msg[q++]);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1497:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(p, "...");
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1887:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *parse, *sms_opts[OPTION_ARG_ARRAY_SIZE] = { 0, };
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1940:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		h.opause_0 = atoi(sms_opts[OPTION_ARG_PAUSE]);
data/asterisk-16.15.0~dfsg/apps/app_softhangup.c:77:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *cut, *opts[0];
data/asterisk-16.15.0~dfsg/apps/app_softhangup.c:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[AST_CHANNEL_NAME] = "", *parse;
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:344:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		nbest_num = atoi(result_num);
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:345:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		wanted_num = atoi(tmp);
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:347:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		wanted_num = atoi(result_num);
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:367:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[128] = "";
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:499:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[128] = "";
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:707:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmf[AST_MAX_EXTENSION] = "";
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:755:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		max_dtmf_len = atoi(tmp2);
data/asterisk-16.15.0~dfsg/apps/app_stack.c:255:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char extension[0];
data/asterisk-16.15.0~dfsg/apps/app_stack.c:522:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char argname[15];
data/asterisk-16.15.0~dfsg/apps/app_stack.c:810:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	n = atoi(args.n);
data/asterisk-16.15.0~dfsg/apps/app_stack.c:854:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	n = atoi(args.n);
data/asterisk-16.15.0~dfsg/apps/app_stream_echo.c:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char frame_type[32];
data/asterisk-16.15.0~dfsg/apps/app_talkdetect.c:179:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char t[2];
data/asterisk-16.15.0~dfsg/apps/app_talkdetect.c:203:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
								char ms_str[12];
data/asterisk-16.15.0~dfsg/apps/app_test.c:158:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[80];
data/asterisk-16.15.0~dfsg/apps/app_test.c:159:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char serverver[80];
data/asterisk-16.15.0~dfsg/apps/app_test.c:203:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((f = fopen(fn, "w+"))) {
data/asterisk-16.15.0~dfsg/apps/app_test.c:332:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char testid[80]="";
data/asterisk-16.15.0~dfsg/apps/app_test.c:359:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_test.c:366:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((f = fopen(fn, "w+"))) {
data/asterisk-16.15.0~dfsg/apps/app_url.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opts[0];
data/asterisk-16.15.0~dfsg/apps/app_verbose.c:113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char extension[AST_MAX_EXTENSION + 5], context[AST_MAX_EXTENSION + 2];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:516:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char imapserver[48] = "localhost";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:517:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char imapport[8] = "143";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:518:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char imapflags[128];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:519:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char imapfolder[64] = "INBOX";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:520:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char imapparentfolder[64];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:521:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char greetingfolder[64] = "INBOX";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:522:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char authuser[32];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:523:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char authpassword[42];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:814:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char iobuf[BASEMAXINLINE];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:825:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[MAX_VM_CONTEXT_LEN];/*!< Voicemail context */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:826:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mailbox[MAX_VM_MBOX_ID_LEN];/*!< Mailbox id, unique within vm context */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:827:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char password[80];               /*!< Secret pin code, numbers only */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:828:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullname[80];               /*!< Full name, for directory app */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:832:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pager[80];                  /*!< E-mail address to pager (no attachment) */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:833:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char serveremail[80];            /*!< From: Mail address */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:834:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fromstring[100];            /*!< From: Username */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:835:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char language[MAX_LANGUAGE];     /*!< Config: Language setting */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:836:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zonetag[80];                /*!< Time zone */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:837:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char locale[20];                 /*!< The locale (for presentation of date/time) */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:838:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callback[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:839:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialout[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:840:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uniqueid[80];               /*!< Unique integer identifier */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:841:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exit[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:842:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char attachfmt[20];              /*!< Attachment format */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:851:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char imapserver[48];             /*!< IMAP server address */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:852:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char imapport[8];                /*!< IMAP server port */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:853:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char imapflags[128];             /*!< IMAP optional flags */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:854:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char imapuser[80];               /*!< IMAP server login */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:855:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char imappassword[80];           /*!< IMAP server password if authpassword not defined */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:856:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char imapfolder[64];             /*!< IMAP voicemail folder */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:857:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char imapvmshareid[80];          /*!< Shared mailbox ID to use rather than the dialed one */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:867:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:868:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timezone[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:869:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg_format[512];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:876:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char curbox[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:877:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char username[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:878:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:879:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char curdir[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:880:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vmbox[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:881:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:882:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char intro[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:900:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char imapuser[80];                   /*!< IMAP server login */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:901:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char imapfolder[64];                 /*!< IMAP voicemail folder */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:902:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char imapserver[48];                 /*!< IMAP server address */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:903:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char imapport[8];                    /*!< IMAP server port */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:904:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char imapflags[128];                 /*!< IMAP optional flags */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:907:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char introfn[PATH_MAX];              /*!< Name of prepended file */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:915:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char odbc_database[80] = "asterisk";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:916:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char odbc_table[80] = "voicemessages";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:947:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char VM_SPOOL_DIR[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:949:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ext_pass_cmd[128];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:950:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ext_pass_check_cmd[128];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:968:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char userscontext[AST_MAX_EXTENSION] = "default";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:987:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char zonetag[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:988:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char locale[20];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:993:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char serveremail[80] = ASTERISK_USERNAME;
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:994:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char mailcmd[160] = SENDMAIL;	/* Configurable mail cmd */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:995:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char externnotify[160];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:997:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char vmfmts[80] = "wav";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1006:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char aliasescontext[MAX_VM_CONTEXT_LEN];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1048:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[0];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1054:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[0];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1067:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char listen_control_forward_key[12];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1068:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char listen_control_reverse_key[12];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1069:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char listen_control_pause_key[12];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1070:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char listen_control_restart_key[12];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1071:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char listen_control_stop_key[12];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1074:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char vm_login[80] = "vm-login";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1075:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char vm_newuser[80] = "vm-newuser";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1076:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char vm_password[80] = "vm-password";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1077:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char vm_newpassword[80] = "vm-newpassword";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1078:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char vm_passchanged[80] = "vm-passchanged";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1079:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char vm_reenterpassword[80] = "vm-reenterpassword";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1080:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char vm_mismatch[80] = "vm-mismatch";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1081:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char vm_invalid_password[80] = "vm-invalid-password";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1082:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char vm_pls_try_again[80] = "vm-pls-try-again";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1094:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char vm_prepend_timeout[80] = "vm-then-pound";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1100:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dialcontext[AST_MAX_CONTEXT] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1101:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char callcontext[AST_MAX_CONTEXT] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1102:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char exitcontext[AST_MAX_CONTEXT] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1104:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cidinternalcontexts[MAX_NUM_CID_CONTEXTS][64];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1111:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char fromstring[100];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1112:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pagerfromstring[100];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1113:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char charset[32] = "ISO-8859-1";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1115:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char adsifdn[4] = "\x00\x00\x00\x0F";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1116:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char adsisec[4] = "\x9B\xDB\xF7\xAC";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1118:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char emaildateformat[32] = "%A, %B %d, %Y at %r";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1119:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pagerdateformat[32] = "%A, %B %d, %Y at %r";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1206:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mailbox[0];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1212:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	return atoi(i->mailbox);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1433:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		vmu->maxsecs = atoi(value);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1438:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			vmu->maxsecs = atoi(value);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1443:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		vmu->maxmsg = atoi(value);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1544:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char cmd[255], buf[255];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1862:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char secretfn[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1931:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char new[strlen(newpassword) + 1];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1969:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[255];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2019:12:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	int pfd = mkstemp(template);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2147:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char arg[10];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2260:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2314:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char copy[strlen(attachment) + 1];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2351:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2353:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char text_file[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2460:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(text_file_ptr = fopen(text_file, "w"))) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2713:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2714:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char introfn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2715:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mailbox[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2718:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80] = "/tmp/astmail-XXXXXX";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2821:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((char *) buf)[len] = '\0';
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2864:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2949:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256], *tmp2, *box, *context;
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2987:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char messagestring[10]; /*I guess this could be a problem if someone has more than 999999999 messages...*/
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3013:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256], *t = tmp;
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3064:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3213:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(output = fopen(filename, "w"))) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3458:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3719:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3751:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3790:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[50];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3874:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sql[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3876:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg_num_str[20];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3921:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sql[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3922:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt[80] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3924:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char coltitle[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3932:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rowdata[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3933:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3934:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char full_fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3935:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msgnums[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3951:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(fmt, "WAV");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3962:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f = fopen(full_fn, "w+"))) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3984:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(full_fn, O_RDWR | O_CREAT | O_TRUNC, VOICEMAIL_FILE_MODE);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4012:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char tmp[1] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4040:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char msg_id[MSG_ID_LEN];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4088:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sql[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4089:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rowdata[20];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4151:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sql[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rowdata[20];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4153:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msgnums[20];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4210:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sql[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rowdata[20];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4266:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sql[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4267:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msgnums[20];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4307:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sql[512];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4308:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msgnums[20];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4309:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msgnumd[20];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4310:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg_id[MSG_ID_LEN];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4412:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sql[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4413:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msgnums[20];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4414:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4415:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char full_fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4416:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt[80]="";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4438:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(fmt, "WAV");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4447:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(full_fn, O_RDWR);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4542:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sql[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4543:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msgnums[20];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4544:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msgnumd[20];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4582:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4583:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char full_fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4584:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msgnums[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4639:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stxt[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4640:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtxt[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4664:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char map[MAXMSGLIMIT] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4668:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char extension[4];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4718:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4727:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((ifd = open(infile, O_RDONLY)) < 0) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4732:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((ofd = open(outfile, O_WRONLY | O_TRUNC | O_CREAT, VOICEMAIL_FILE_MODE)) < 0) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4779:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char frompath2[PATH_MAX], topath2[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4931:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(fi = fopen(filename, "rb"))) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4937:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char igroup[3], ogroup[4];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4980:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callerid[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4981:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char num[12];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4982:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fromdir[256], fromfile[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4985:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char origcidname[80], origcidnum[80], origdate[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5008:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(fromfile, ".txt");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5188:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5189:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[MAXHOSTNAMELEN] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5190:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char who[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5191:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bound[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5192:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dur[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5194:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char enc_cidnum[256] = "", enc_cidname[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5197:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5408:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char fromdir[256], fromfile[256], origdate[80] = "", origcallerid[80] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5414:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(fromfile, ".txt");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5469:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5470:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sox_gain_tmpdir[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5473:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char altfname[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5475:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char altformat[80] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5500:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmpdir[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5512:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char sox_gain_cmd[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5622:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80] = "/tmp/astmail-XXXXXX";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5623:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp2[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5656:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char enc_cidnum[256], enc_cidname[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5657:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5658:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[MAXHOSTNAMELEN] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5659:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char who[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5660:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dur[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5661:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80] = "/tmp/astmail-XXXXXX";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5662:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp2[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5822:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5823:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5863:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sql[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5864:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rowdata[20];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5890:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	*messages = atoi(rowdata);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5898:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5975:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sql[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5976:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rowdata[20];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6016:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	nummsgs = atoi(rowdata);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6067:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fromdir[PATH_MAX], todir[PATH_MAX], frompath[PATH_MAX], topath[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6148:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6167:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[MAX_VM_MAILBOX_LEN];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256], *tmp2 = tmp, *box, *context;
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6239:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6319:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char arguments[255];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6320:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ext_context[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6404:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpdir[PATH_MAX]; /* directory temp files are stored in */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6405:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmptxtfile[PATH_MAX]; /* tmp file for voicemail txt file */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6406:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char desttxtfile[PATH_MAX]; /* final destination for txt file */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6407:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpaudiofile[PATH_MAX]; /* tmp file where audio is stored */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6408:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dir[PATH_MAX]; /* destination for tmp files on completion */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6409:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char destination[PATH_MAX]; /* destination with msgXXXX.  Basically <dir>/msgXXXX */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6414:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ext_context[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6424:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date[256]; /* string used to hold date of the voicemail (only used for ODBC) */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6432:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg_id[MSG_ID_LEN];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6474:11:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	txtdes = mkstemp(tmptxtfile);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6688:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char txtfile[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6689:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmptxtfile[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6691:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callerid[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6693:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6703:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpdur[16];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6704:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char priority[16];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6705:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char origtime[16];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6706:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6707:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpdir[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6708:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6709:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefile[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6710:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tempfile[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6711:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ext_context[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6712:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6714:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ecodes[17] = "#";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6722:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char flag[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6848:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char e[2] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6964:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char msg_id[MSG_ID_LEN] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7014:12:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
		txtdes = mkstemp(tmptxtfile);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7258:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sfn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7259:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dfn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7295:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sequence[10];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7296:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mailbox[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7344:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sfn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7345:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dfn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7346:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ddir[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7397:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7400:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char num[5];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7543:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7545:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char keys[8];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7569:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7571:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char keys[8];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7591:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7593:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char keys[8];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7621:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7622:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[256], buf2[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7623:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn2[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7625:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7628:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char datetime[21] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7631:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char keys[8];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7640:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen(fn2, "r");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7723:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7724:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char keys[8];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7774:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7775:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[256] = "", buf2[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7777:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char keys[8];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7796:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buf1, "You have no messages.");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7821:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7822:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[256] = "", buf2[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7824:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char keys[8];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7848:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buf2, "no messages.");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7877:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7899:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7945:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8029:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msgfile[PATH_MAX], backup[PATH_MAX], backup_textfile[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8030:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char textfile[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8050:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		*duration = atoi(duration_str);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8119:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				*duration = atoi(duration_str);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8124:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char duration_buf[12];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8204:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char alias[strlen(mapping->alias) + 1];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8233:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char todir[PATH_MAX], fn[PATH_MAX], ext_context[PATH_MAX], *stringp;
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8273:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8351:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char username[70]="";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8352:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[PATH_MAX]; /* for playback of name greeting */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8353:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ecodes[16] = "#";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8359:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char mailbox_context[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8364:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char urgent_str[7] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8367:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msgfile[PATH_MAX], textfile[PATH_MAX], backup[PATH_MAX], backup_textfile[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8428:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char vmcontext[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8429:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char old_context[strlen(ast_channel_context(chan)) + 1];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8430:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char old_exten[strlen(ast_channel_exten(chan)) + 1];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8558:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char mailbox[AST_MAX_EXTENSION * 2 + 2];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8571:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8796:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefile[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8878:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	durations = atoi(duration);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8921:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX], *cid;
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8955:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char nextmsg[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:9089:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:9090:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char full_fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:9091:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char intro[PATH_MAX] = {0,};
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:9115:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char arg[11];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:9144:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char copy[strlen(attachment) + 1];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:9234:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn2[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:9751:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char recname[16];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:9766:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char recname[16];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:9783:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char recname[16];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10438:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefile[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10726:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newpassword[80] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10727:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newpassword2[80] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10728:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefile[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10729:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10824:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newpassword[80] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10825:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newpassword2[80] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10826:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefile[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10827:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10968:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefile[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10969:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:11306:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char password[AST_MAX_EXTENSION], *passptr = NULL;
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:11348:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char fullusername[80];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:11524:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (vmu && open) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:11586:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefixstr[80] ="";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:11587:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ext_context[256]="";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:11614:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char *opts[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:12359:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opts[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:12393:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char temp[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:12497:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mailbox_full[MAX_VM_MAILBOX_LEN];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:12499:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char secretfn[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13070:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char count[12], tmp[256] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13614:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char actionid[128];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13660:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char actionid[128];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13862:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char storage[strlen(var->value) + 1];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13916:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char secretfn[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13974:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(odbc_database, "asterisk");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13978:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(odbc_table, "voicemessages");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13990:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			maxsilence = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13998:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			maxmsg = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14119:52:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			mail_parameters(NIL, SET_READTIMEOUT, (void *) (atol(val)));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14125:53:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			mail_parameters(NIL, SET_WRITETIMEOUT, (void *) (atol(val)));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14131:52:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			mail_parameters(NIL, SET_OPENTIMEOUT, (void *) (atol(val)));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14137:53:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			mail_parameters(NIL, SET_CLOSETIMEOUT, (void *) (atol(val)));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14170:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			silencethreshold = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14455:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(charset, "ISO-8859-1");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14483:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&adsifdn[x], &tmpadsi[x], 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14489:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&adsisec[x], &tmpadsi[x], 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14493:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (atoi(val)) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14494:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				adsiver = atoi(val);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14590:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14710:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14711:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dir2[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14799:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dir[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14800:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14801:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char txtfile[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14815:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char syscmd[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14822:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *folders[3] = { "Old", "Urgent", "INBOX" };
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14893:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((txt = fopen(tmp[i].txtfile, "w+"))) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14982:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char attach[256], attach2[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:14983:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256] = ""; /* No line should actually be longer than 80 */
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15040:9:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	file = tmpfile();
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15091:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char config_filename[32] = "/tmp/voicemail.conf.XXXXXX";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15112:12:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	if ((fd = mkstemp(config_filename)) < 0) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vminfo_buf[256], vminfo_args[256];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15468:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char destination[80] = "";
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15540:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15696:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char mailbox[AST_MAX_EXTENSION * 2 + 2];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15747:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tempfile[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15864:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(flag, "Urgent");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15916:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
						strcpy(flag, "Urgent");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:16059:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:16088:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char id[MSG_ID_LEN];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:16265:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (vmu && open) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:16322:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:16365:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ext_context[1024];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:16388:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:16478:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			duration = atoi(value);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:16498:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (vmu && open) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:16603:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (vmu && open) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:16701:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (vmu && open) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:16730:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:16788:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		duration = atoi(value);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:16814:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (vmu && open) {
data/asterisk-16.15.0~dfsg/apps/app_while.c:109:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char varname[VAR_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_while.c:203:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char varname[VAR_SIZE], end_varname[VAR_SIZE];
data/asterisk-16.15.0~dfsg/apps/app_while.c:207:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char used_index[VAR_SIZE] = "0", new_index[VAR_SIZE] = "0";
data/asterisk-16.15.0~dfsg/apps/confbridge/conf_config_parser.c:1332:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/confbridge/conf_config_parser.c:1683:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[64];
data/asterisk-16.15.0~dfsg/apps/confbridge/conf_config_parser.c:2266:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new_menu_action, menu_action, sizeof(*new_menu_action));
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:122:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char playback_file[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:124:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:125:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:137:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmf[MAXIMUM_DTMF_FEATURE_STRING];
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:147:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[MAX_PROFILE_NAME];
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[MAX_PROFILE_NAME];
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:153:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pin[MAX_PIN];
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:154:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char moh_class[128];
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:155:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char announcement[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:225:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[MAX_PROFILE_NAME];
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:226:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char language[MAX_LANGUAGE];		  /*!< Language used for playback_chan */
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:227:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rec_file[PATH_MAX];
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:228:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rec_options[128];
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:229:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rec_command[128];
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:236:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char regcontext[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[MAX_CONF_NAME];                                         /*!< Name of the conference bridge */
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:274:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char menu_name[MAX_PROFILE_NAME];            /*!< The name of the DTMF menu assigned to this user */
data/asterisk-16.15.0~dfsg/apps/confbridge/include/confbridge.h:275:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name_rec_location[PATH_MAX];            /*!< Location of the User's name recorded file if it exists */
data/asterisk-16.15.0~dfsg/bridges/bridge_softmix.c:258:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(sc->final_buf, entry->out_frame->data.ptr, entry->out_frame->datalen);
data/asterisk-16.15.0~dfsg/bridges/bridge_softmix.c:1202:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char frame_type[64];
data/asterisk-16.15.0~dfsg/bridges/bridge_softmix.c:1927:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(sc->final_buf, buf, softmix_datalen);
data/asterisk-16.15.0~dfsg/bridges/bridge_softmix/bridge_softmix_binaural.c:564:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(sc->final_buf, ann_buf, softmix_datalen * 2);
data/asterisk-16.15.0~dfsg/bridges/bridge_softmix/bridge_softmix_binaural.c:566:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(sc->final_buf, bin_buf, softmix_datalen * 2);
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char columnname[80];
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char connection[40];
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char table[40];
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:103:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char schema[40];
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:333:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char state[10], diagnostic[256];
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:386:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char colbuf[1024], *colptr;
data/asterisk-16.15.0~dfsg/cdr/cdr_beanstalkd.c:132:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					bs_port = atoi(v->value);
data/asterisk-16.15.0~dfsg/cdr/cdr_beanstalkd.c:137:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					priority = atoi(v->value);
data/asterisk-16.15.0~dfsg/cdr/cdr_beanstalkd.c:164:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strAnswerTime[80] = "";
data/asterisk-16.15.0~dfsg/cdr/cdr_beanstalkd.c:165:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strStartTime[80];
data/asterisk-16.15.0~dfsg/cdr/cdr_beanstalkd.c:166:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strEndTime[80];
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:61:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char file_csv_master[PATH_MAX];
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:176:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[32];
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:194:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80] = "";
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:274:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f = fopen(file_path, "a"))) {
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:288:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file_account[PATH_MAX];
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:300:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/cdr/cdr_custom.c:167:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((out = fopen(config->filename, "a"))) {
data/asterisk-16.15.0~dfsg/cdr/cdr_manager.c:276:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strStartTime[80] = "";
data/asterisk-16.15.0~dfsg/cdr/cdr_manager.c:277:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strAnswerTime[80] = "";
data/asterisk-16.15.0~dfsg/cdr/cdr_manager.c:278:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strEndTime[80] = "";
data/asterisk-16.15.0~dfsg/cdr/cdr_manager.c:279:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[CUSTOM_FIELDS_BUF_SIZE];
data/asterisk-16.15.0~dfsg/cdr/cdr_odbc.c:75:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sqlcmd[2048] = "", timestr[128], new_columns[120] = "", new_values[7] = "";
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:142:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char status[256];
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:143:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char status2[100] = "";
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:144:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[362]; /* 256+100+" for "+NULL */
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:249:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[257];
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:678:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char sqlcmd[768];
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:745:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (atoi(flen) == -1) {
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:89:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char radiuscfg[PATH_MAX] = "/etc/radiusclient/radiusclient.conf";
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:91:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char radiuscfg[PATH_MAX] = "/etc/radiusclient-ng/radiusclient.conf";
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timestr[128];
data/asterisk-16.15.0~dfsg/cdr/cdr_sqlite3_custom.c:62:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char table[80];
data/asterisk-16.15.0~dfsg/cdr/cdr_sqlite3_custom.c:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char expression[1];
data/asterisk-16.15.0~dfsg/cdr/cdr_sqlite3_custom.c:182:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(table, "cdr");
data/asterisk-16.15.0~dfsg/cdr/cdr_sqlite3_custom.c:249:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char subst_buf[2048];
data/asterisk-16.15.0~dfsg/cdr/cdr_sqlite3_custom.c:302:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/cdr/cdr_tds.c:111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char start[80], answer[80], end[80];
data/asterisk-16.15.0~dfsg/cel/cel_beanstalkd.c:92:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char start_time[80];
data/asterisk-16.15.0~dfsg/cel/cel_beanstalkd.c:215:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				bs_port = atoi(v->value);
data/asterisk-16.15.0~dfsg/cel/cel_beanstalkd.c:220:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				priority = atoi(v->value);
data/asterisk-16.15.0~dfsg/cel/cel_custom.c:160:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((out = fopen(config->filename, "a"))) {
data/asterisk-16.15.0~dfsg/cel/cel_manager.c:226:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char start_time[80] = "";
data/asterisk-16.15.0~dfsg/cel/cel_manager.c:227:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char user_defined_header[160];
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:99:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char columnname[80];
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char connection[40];
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char table[40];
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:318:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char state[10], diagnostic[256];
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:372:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char colbuf[1024], *colptr;
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timestr[128];
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:182:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[257];
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:576:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char sqlcmd[768];
data/asterisk-16.15.0~dfsg/cel/cel_radius.c:81:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char radiuscfg[PATH_MAX] = "/etc/radiusclient/radiusclient.conf";
data/asterisk-16.15.0~dfsg/cel/cel_radius.c:83:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char radiuscfg[PATH_MAX] = "/etc/radiusclient-ng/radiusclient.conf";
data/asterisk-16.15.0~dfsg/cel/cel_radius.c:98:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timestr[128];
data/asterisk-16.15.0~dfsg/cel/cel_sqlite3_custom.c:66:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char table[80];
data/asterisk-16.15.0~dfsg/cel/cel_sqlite3_custom.c:188:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(table, "cel");
data/asterisk-16.15.0~dfsg/cel/cel_sqlite3_custom.c:254:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char subst_buf[2048];
data/asterisk-16.15.0~dfsg/cel/cel_sqlite3_custom.c:303:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/cel/cel_tds.c:115:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char start[80];
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:105:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char indevname[50] = ALSA_INDEV;
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:106:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char outdevname[50] = ALSA_OUTDEV;
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:116:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char context[AST_MAX_CONTEXT] = "default";
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:117:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char language[MAX_LANGUAGE] = "";
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:118:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char exten[AST_MAX_EXTENSION] = "s";
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:119:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char mohinterpret[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:127:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:128:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:393:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char sizbuf[8000];
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:407:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sizbuf + sizpos, f->data.ptr, f->datalen);
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:752:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char text2send[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:815:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256], *tmp2;
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:973:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&global_jbconf, &default_jbconf, sizeof(struct ast_jb_conf));
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:975:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(mohinterpret, "default");
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:1001:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			silencethreshold = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_console.c:268:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[NUM_SAMPLES * sizeof(int16_t)];
data/asterisk-16.15.0~dfsg/channels/chan_console.c:1121:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[TEXT_SIZE];
data/asterisk-16.15.0~dfsg/channels/chan_console.c:1307:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[256];
data/asterisk-16.15.0~dfsg/channels/chan_console.c:1308:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[256];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:596:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char defaultcic[64] = "";
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:597:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char defaultozz[64] = "";
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:600:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char mwimonitornotify[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:605:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char progzone[10] = "";
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:621:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pridebugfilename[1024] = "";
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:739:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char logdir[OR2_MAX_PATH];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:740:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char r2proto_file[OR2_MAX_PATH];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:853:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char smdi_port[SMDI_MAX_FILENAME_LEN];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:1310:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:1377:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:1803:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ch_name[23];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:1810:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(ch_name, "pseudo");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:2363:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dial_str[DAHDI_MAX_DTMF_BUF];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:3294:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[sizeof(mwimonitornotify) + 80];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:3859:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cause_str[50];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:3963:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char logmsg[256];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:3964:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char completemsg[sizeof(logmsg) + sizeof(CONTEXT_TAG) - 1];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:3976:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char logmsg[256];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:3977:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char completemsg[sizeof(logmsg) + sizeof(CHAN_TAG) - 1];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:4101:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		chan = atoi(fn);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:4108:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(fn, O_RDWR | O_NONBLOCK);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:4384:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[256];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:4387:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "Event %d", event); /* safe */
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:4393:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[256];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:5688:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char db_chan_name[20];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:5689:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char db_answer[5];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:6295:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				int r2cause_user = r2causestr ? atoi(r2causestr) : 0;
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:6615:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			unsigned char mybuf[41000];/*! \todo XXX This is an abuse of the stack!! */
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:6881:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char policy_str[21] = "";
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:8010:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char cid_num[256];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:8011:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char cid_name[256];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9163:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9516:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION] = "";
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9517:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten2[AST_MAX_EXTENSION] = "";
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9518:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9519:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmfcid[300];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9520:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmfbuf[300];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9706:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char anibuf[100];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:10708:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[READ_SIZE];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:11490:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:11673:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
									memcpy(mtd->buf, buf, res);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:11862:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open("/dev/dahdi/channel", O_RDWR);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:12017:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char logdir[OR2_MAX_PATH];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:12099:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[80];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:12863:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char db_chan_name[20];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:12864:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char db_answer[5];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:13469:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char path[PATH_MAX];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:13757:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char dialstring[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:13758:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char full_device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14072:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		pri->pri.fds[i] = open("/dev/dahdi/channel", O_RDWR);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14171:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	myfd = open(a->argv[4], O_CREAT|O_WRONLY, AST_FILE_MODE);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14200:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	myfd = open(output_file, O_CREAT|O_WRONLY, AST_FILE_MODE);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14277:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		level = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14279:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	span = atoi(a->argv[5]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14358:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char id_text[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14415:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char db_chan_name[20], db_answer[15];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14438:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		channel = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14441:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		interfaceid = atoi(a->argv[5]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14731:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	span = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14877:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char channo[5];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14878:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char linkno[5];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14879:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char anino[5];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14880:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dnisno[5];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14899:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			targetnum = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14971:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	channo = (a->argc == 5) ? atoi(a->argv[4]) : -1;
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15031:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	channo = (a->argc == 5) ? atoi(a->argv[4]) : -1;
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15084:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	channo = (a->argc == 4) ? atoi(a->argv[3]) : -1;
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15125:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	channo = (a->argc == 4) ? atoi(a->argv[3]) : -1;
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15155:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char index[5];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15156:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char live_chans_str[5];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15157:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char channel_list[R2_LINK_CAPACITY * 4];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15327:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	start = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15334:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		end = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15377:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	start = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15384:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		end = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15586:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmps[20];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15587:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char blockstr[20];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15609:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			targetnum = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15664:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hwrxgain[15];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15665:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hwtxgain[15];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15681:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	channel = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15773:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char calldir[OR2_MAX_PATH];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15874:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char output[1024];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15875:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[16], tmp2[64];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15903:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char alarmstr[50];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15918:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	ctl = open("/dev/dahdi/ctl", O_RDWR);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15934:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(alarmstr, "BLU/");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15936:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(alarmstr, "YEL/");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15938:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(alarmstr, "RED/");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15940:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(alarmstr, "LB/");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15942:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(alarmstr, "REC/");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15944:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(alarmstr, "NOP/");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15946:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(alarmstr, "UUU/");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15953:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(alarmstr, "OK");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15955:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(alarmstr, "UNCONFIGURED");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15995:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((pseudo_fd = open("/dev/dahdi/ctl", O_RDONLY)) < 0) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16000:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(vi.version, "Unknown");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16001:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(vi.echo_canceller, "Unknown");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16051:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	channel = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16127:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	channel = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16194:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if ((channel = atoi(a->argv[3])) <= 0) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16416:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idText[256];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16508:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char action_id[256];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16513:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		span_query = atoi(span_str);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16595:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	link->ss7.fds[curfd] = open("/dev/dahdi/channel", O_RDWR, 0600);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16682:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	span = atoi(a->argv[5]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16725:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		linkset = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16746:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cic = atoi(a->argv[5]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16752:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	dpc = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16803:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		linkset = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16862:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char state[255];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16876:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		linkset = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16905:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cic = atoi(a->argv[5]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16911:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	range = atoi(a->argv[6]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16918:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	dpc = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16973:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		linkset = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16988:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cic = atoi(a->argv[5]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16995:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	range = atoi(a->argv[6]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17001:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	dpc = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17047:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		linkset = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17088:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		linkset = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17103:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cic = atoi(a->argv[5]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17110:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	dpc = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17148:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	linkset = atoi(a->argv[2]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17158:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	slc = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17161:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		arg = atoi(a->argv[5]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17200:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	linkset = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17210:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	slc = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17245:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	linkset = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17309:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char blocking[12];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17326:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	linkset = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17340:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dpc = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17364:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(blocking, "L:");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17377:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(blocking, "    ");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17381:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(blocking, " R:");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17738:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *params[DAHDI_MAX_ECHOCANPARAMS + 1];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17749:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	x = ast_strlen_zero(params[0]) ? 0 : atoi(params[0]);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17958:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			confp->chan.drings.ringnum[0].range = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17960:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			confp->chan.drings.ringnum[1].range = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17962:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			confp->chan.drings.ringnum[2].range = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18036:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			confp->chan.busycount = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18044:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			confp->chan.waitfordialtone = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18053:72:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->chan.dialtone_detect = ast_strlen_zero(v->value) ? 0 : (8 * atoi(v->value)) / READ_SIZE;
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18122:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			confp->chan.stripmsd = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18124:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			numbufs = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18145:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char varname[strlen(v->value) + 1];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18248:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			confp->chan.polarityonanswerdelay = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18254:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			confp->chan.sendcalleridafter = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18573:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				else if (atoi(v->value) >= 60)
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18574:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					confp->pri.pri.resetinterval = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18581:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->pri.pri.minunused = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18583:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->pri.pri.minidle = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18629:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char tmp[20];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18640:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					timer = atoi(c);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18722:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->pri.pri.max_call_waiting_calls = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18801:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				cur_slc = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18803:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				cur_linkset = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18811:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				cur_cicbeginswith = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18864:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				sigchan = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18938:77:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				} else if (!ss7_set_isup_timer(link->ss7.ss7, strstr(v->name, ".") + 1, atoi(v->value))) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18950:77:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				} else if (!ss7_set_mtp3_timer(link->ss7.ss7, strstr(v->name, ".") + 1, atoi(v->value))) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18983:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				int sls_shift = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19002:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				int cause_location = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19032:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->mfcr2.mfback_timeout = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19040:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->mfcr2.metering_pulse_timeout = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19050:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->mfcr2.dtmf_time_on = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19052:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->mfcr2.dtmf_time_off = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19056:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->mfcr2.dtmf_end_timeout = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19079:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->mfcr2.max_ani = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19084:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->mfcr2.max_dnis = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19099:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char copy[strlen(v->value) + 1];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char original_args[80];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19197:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				ringt_base = (atoi(v->value) * 8) / READ_SIZE;
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19199:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->timing.prewinktime = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19201:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->timing.preflashtime = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19203:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->timing.winktime = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19205:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->timing.flashtime = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19207:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->timing.starttime = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19209:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->timing.rxwinktime = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19211:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->timing.rxflashtime = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19213:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				confp->timing.debouncetime = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19220:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				ctlfd = open("/dev/dahdi/ctl", O_RDWR);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19226:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				toneduration = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19244:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				mwilevel = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19246:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				dtmfcid_level = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19449:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				trunkgroup = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19455:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
							dchannels[i] = atoi(c + 1);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19474:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				spanno = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19477:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						trunkgroup = atoi(c + 1);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19480:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
								logicalspan = atoi(c + 1);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char contextData[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:444:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:449:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char description[32];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:453:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char defcontext[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:455:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:460:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char language[MAX_LANGUAGE];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:465:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mohinterpret[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:470:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mohsuggest[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:471:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char parkinglot[AST_MAX_EXTENSION]; /*!< Parking lot for this channel */
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:474:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_ani[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:479:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:484:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_tag[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:488:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:490:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_subaddr[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:494:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callwait_num[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:496:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callwait_name[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:498:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rdnis[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:500:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dnid[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:589:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char echorest[20];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:644:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char finaldial[64];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:645:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char accountcode[AST_MAX_ACCOUNT_CODE];		/*!< Account code */
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:649:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_forward[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:654:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mailbox[AST_MAX_MAILBOX_UNIQUEID];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:658:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialdest[256];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.h:717:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialstring[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:319:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_parkinglot[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:321:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char language[MAX_LANGUAGE] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:322:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char regcontext[AST_MAX_CONTEXT] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:401:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char digest[33] = ""; \
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:407:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(digest + (idx << 1), "%02hhx", (unsigned char) key[idx]); \
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:429:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char accountcode[AST_MAX_ACCOUNT_CODE];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:430:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char mohinterpret[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:431:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char mohsuggest[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:448:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:642:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char username[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:643:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char secret[80];			/*!< Password or key name in []'s */
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:833:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char semirand[32];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:1021:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char peercontext[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:1022:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:1057:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[1];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:1069:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char curfunc[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:1075:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char readbuf[4096];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:1140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[AST_CALLID_BUFFER_LENGTH];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:1211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:1223:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:1235:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:2189:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(qe->f.data.ptr, f->data.ptr, qe->f.datalen);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:2291:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new, fr, sizeof(*new));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:3115:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:3716:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	test_losspct = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:3738:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	test_late = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:3759:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	test_resync = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:3782:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	test_jit = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:3784:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		test_jitpct = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:3817:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char status[64];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:3818:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cbuf[256];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:3874:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(cbuf, "Error"); /* Safe */
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:3985:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		mtuv = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4004:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[1024], *pc = NULL;
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4568:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char regseconds[20];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4595:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char username[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4596:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char secret[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4597:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char outkey[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4598:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timezone[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4599:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4600:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4601:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4602:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char peercontext[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4603:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mohinterpret[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4604:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mohsuggest[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4782:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&data.ied, ied->buf, ied->pos);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4859:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&data, f->data, f->datalen);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4937:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash[41]; /* 40 char sha1 hash */
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:5089:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char osp_buffer[256];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:5090:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char encoded_prefs[32];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:5249:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(osp_buffer + 1, osp_token_ptr, osp_block_length);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:5269:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char tmp[256];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:5415:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(h->data, data, datalen);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:5458:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[17] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:5782:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256], *context;
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6323:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, f->data.ptr, f->datalen);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6350:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf, (unsigned char *) &tmp, (len > sizeof(tmp)) ? sizeof(tmp) : len);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6382:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char lastblock[16] = { 0 };
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6406:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char curblock[16] = { 0 };
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6441:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(efh->encdata, workspace + padding, *datalen - sizeof(struct ast_iax2_full_enc_hdr));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6462:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(efh->encdata, workspace + padding, *datalen - sizeof(struct ast_iax2_mini_enc_hdr));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6478:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(workspace, poo, padding);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6479:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(workspace + padding, efh->encdata, *datalen - sizeof(struct ast_iax2_full_enc_hdr));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6487:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(poo, workspace + *datalen - 32, 32);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6494:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(workspace, poo, padding);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6495:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(workspace + padding, efh->encdata, *datalen - sizeof(struct ast_iax2_mini_enc_hdr));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6501:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(poo, workspace + *datalen - 32, 32);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6512:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char digest[16];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6519:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			MD5Update(&md5, (unsigned char *)iaxs[callno]->challenge, strlen(iaxs[callno]->challenge));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6544:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char buffer[4096];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6757:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char auth[90];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6824:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idtext[256];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6838:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6839:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char status[64];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:7240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idtext[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:7325:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:7326:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char perceived[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:7364:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idtext[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:7365:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[80] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:7366:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char perceived[80] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:7409:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char first_message[10] = { 0, };
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:7410:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char last_message[10] = { 0, };
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:7472:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char first_message[10] = { 0, };
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:7473:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char last_message[10] = { 0, };
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:7977:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8050:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char challenge[10];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8099:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char requeststr[256];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char md5secret[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char secret[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rsasecret[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8155:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char digest[16];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8166:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(requeststr + (x << 1), "%02hhx", digest[x]); /* safe */
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8182:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char requeststr[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8183:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char peer[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8184:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char md5secret[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8185:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rsasecret[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8186:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char secret[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8287:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char digest[16];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8294:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			MD5Update(&md5, (unsigned char *)iaxs[callno]->challenge, strlen(iaxs[callno]->challenge));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8298:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(requeststr + (x << 1), "%02hhx", digest[x]); /* safe */
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8354:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char sig[256];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8374:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			unsigned char digest[16];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8375:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char digres[128];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8382:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(digres + (x << 1),  "%02hhx", digest[x]); /* safe */
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8589:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8705:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char peer[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8706:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msgstatus[60];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8708:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ourip[256] = "<Unspecified>";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8811:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char copy[256];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8836:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (porta && !atoi(porta)) {
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8847:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char multi[256];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8935:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8954:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	p->expiry = atoi(expiry);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8996:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:9169:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char challenge[10];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:9218:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char peer[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:9219:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char challenge[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:9244:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char tmpkey[256];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:9518:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:9519:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callednum[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:9587:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rsi[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:9628:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char full_osptoken[IAX_MAX_OSPBUFF_SIZE];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:9638:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(full_osptoken + offset, ies->osptokenblock[i], length);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:9736:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pkt_buf->buf, from_here->buf, pkt_buf->len);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:10092:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char empty[32]="";		/* Safety measure */
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:10094:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host_pref_buf[128];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:10095:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char caller_pref_buf[128];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:10304:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char subclass[40] = "";
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:10785:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
							strcpy(caller_pref_buf, "disabled");
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:10786:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
							strcpy(host_pref_buf, "disabled");
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:10847:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
										strcpy(caller_pref_buf,"disabled");
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:10848:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
										strcpy(host_pref_buf,"disabled");
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:11244:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
						strcpy(caller_pref_buf, "disabled");
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:11245:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
						strcpy(host_pref_buf, "disabled");
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:11309:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
									strcpy(caller_pref_buf,"disabled");
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:11310:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
									strcpy(host_pref_buf,"disabled");
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:12695:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		port = atoi(portstr);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:12972:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char name2[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:12973:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char num2[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13256:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char name2[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13257:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char num2[80];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13305:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				user->maxauthreq = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13570:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ping_time = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13574:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				if (atoi(v->value) != iaxthreadcount)
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13577:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				iaxthreadcount = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13589:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				iaxmaxthreadcount = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13592:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				iaxmaxthreadcount = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13613:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			maxjitterbuffer = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13615:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			resyncthreshold = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13617:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			maxjitterinterps = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13619:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			jittertargetextra = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13621:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			lagrq_time = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13623:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			max_reg_expire = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13625:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			min_reg_expire = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13703:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			int i = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13710:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			trunkfreq = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13722:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			mtuv = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13731:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			trunkmaxsize = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13794:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			maxauthreq = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13922:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char tmp[256];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:14323:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char odata[256];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:14324:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char req[sizeof(odata) + AST_MAX_CONTEXT + AST_MAX_EXTENSION + sizeof("IAX2//@")];
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:14430:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if((iax2_codec_pref_index(&peer->prefs, atoi(codecnum), &tmpfmt))) {
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:158:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char context[AST_MAX_EXTENSION] = "default";
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:160:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char language[MAX_LANGUAGE] = "";
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:161:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char musicclass[MAX_MUSICCLASS] = "";
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:162:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char parkinglot[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:163:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cid_num[AST_MAX_EXTENSION] = "";
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:164:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cid_name[AST_MAX_EXTENSION] = "";
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:201:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char accountcode[AST_MAX_ACCOUNT_CODE] = "";
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:203:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char mailbox[AST_MAX_MAILBOX_UNIQUEID];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:237:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ourhost[MAXHOSTNAMELEN];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:259:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *header[MGCP_MAX_HEADERS];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:261:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *line[MGCP_MAX_LINES];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:262:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[MGCP_MAX_PACKET];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:277:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[0];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:287:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[0];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:302:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char magic[6];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:309:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char txident[80]; /*! \todo FIXME txident is replaced by rqnt_ident in endpoint.
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:311:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cxident[80];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:312:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callid[80];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:333:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:335:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char accountcode[AST_MAX_ACCOUNT_CODE];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:336:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];		/*!< Extention where to start */
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:337:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:338:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char language[MAX_LANGUAGE];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:339:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[AST_MAX_EXTENSION];	/*!< Caller*ID number */
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:340:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[AST_MAX_EXTENSION];	/*!< Caller*ID name */
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:341:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lastcallerid[AST_MAX_EXTENSION];	/*!< Last Caller*ID */
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:342:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmf_buf[AST_MAX_EXTENSION];	/*!< place to collect digits be */
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:343:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_forward[AST_MAX_EXTENSION];	/*!< Last Caller*ID */
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:344:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char musicclass[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:345:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char curtone[80];			/*!< Current tone */
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:346:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mailbox[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:347:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char parkinglot[AST_MAX_CONTEXT];   /*!< Parkinglot */
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:380:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rqnt_ident[80];             /*!< request identifier */
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:400:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:415:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char wcardep[30];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:720:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(msg->buf, data, msg->len);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:799:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(r, req, sizeof(*r));
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:830:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tone[50] = "";
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:1323:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[4];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:1571:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char valuebuf[1024];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:1691:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lines[256];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:1781:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:1974:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[258];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2191:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(mgr->buf, resp.data, resp.len);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2204:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char costr[80];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2207:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char v[256];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2208:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[256];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char o[256];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2210:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char c[256];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char t[256];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2212:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char m[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2213:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char a[1024] = "";
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2303:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char local[256];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2304:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2365:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char local[256];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2366:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2465:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char local[256];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2466:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2529:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tone2[256];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2577:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char local[256];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2578:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2908:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
							char cxident[80] = "";
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:3968:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:4109:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			gw->addr.sin_port = htons(atoi(v->value));
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:4721:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&global_jbconf, &default_jbconf, sizeof(struct ast_jb_conf));
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:4760:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			firstdigittimeout = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:4762:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			gendigittimeout = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:4764:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			matchdigittimeout = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:127:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char global_tracefile[BUFFERSIZE + 1];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:193:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:196:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:381:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char allowed_bearers[BUFFERSIZE + 1];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:449:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ast_rd_buf[4096];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:553:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:559:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mohinterpret[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3409:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(str_main, str_prefix, len_prefix);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3427:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char num_prefix[MISDN_MAX_NUMBER_LEN];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3461:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3744:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		level = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3776:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			port = atoi(a->argv[5]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3847:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	misdn_lib_port_block(atoi(a->argv[3]));
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3869:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	misdn_lib_port_unblock(atoi(a->argv[3]));
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3891:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	misdn_lib_port_restart(atoi(a->argv[3]));
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3913:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	misdn_lib_pid_restart(atoi(a->argv[3]));
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3935:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	misdn_lib_get_port_up(atoi(a->argv[3]));
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3957:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	misdn_lib_get_port_down(atoi(a->argv[3]));
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3964:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char section[BUFFERSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3965:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[BUFFERSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3966:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char desc[BUFFERSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3967:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char def[BUFFERSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3968:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[BUFFERSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3989:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[BUFFERSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:4080:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char txt[255];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:4105:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char state[8];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:4356:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	MAXTICS = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:4383:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[128];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:4424:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:4441:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	port = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5332:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		port = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5375:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		port = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5412:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		port = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5418:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			msg_number = atoi(a->argv[5]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5442:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			msg_number = atoi(a->argv[5]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5459:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		port = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5497:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	port = atoi(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5500:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		channel = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5684:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[BUFFERSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5928:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lang[BUFFERSIZE + 1];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5929:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char faxdetect[BUFFERSIZE + 1];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5930:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5931:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf2[256];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:6043:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char callerid[BUFFERSIZE + 1];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:6782:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[16];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:6919:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[2] = { digit, 0 };
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:7199:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		tmpcause = atoi(var);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:7356:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char context_tmp[BUFFERSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:7858:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char group[BUFFERSIZE + 1] = "";
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:7859:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dial_str[128];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:7910:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			channel = atoi(p);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:7911:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			port = atoi(args.intf);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:7914:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			port = atoi(args.intf);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:7931:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		record_id = atol(args.ext);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:7958:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char cfg_group[BUFFERSIZE + 1];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:8154:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newname[255];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:8792:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (tmp && (atoi(tmp) == 1)) {
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:8813:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[32];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:8957:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id_str[32];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:9100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:9906:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char number[sizeof(dialed->number)];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:10245:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char tmp[16];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:11180:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cc_record = misdn_cc_find_by_id(atoi(args.cc_id));
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:11319:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ports[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:11320:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tempbuf[BUFFERSIZE + 1];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:11321:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ntfile[BUFFERSIZE + 1];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:11649:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	record_id = atol(subcommand->arg[0]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:11746:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	record_id = atol(subcommand->arg[0]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:11828:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	record_id = atol(subcommand->arg[0]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:11831:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	priority = atoi(subcommand->arg[3]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:11901:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	record_id = atol(subcommand->arg[0]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:11904:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	priority = atoi(subcommand->arg[3]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12294:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char group[BUFFERSIZE + 1];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12320:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	timeout = atoi(args.timeout);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12332:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char cfg_group[BUFFERSIZE + 1];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12348:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		port = atoi(port_str);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12413:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				ch->jb_len = atoi(++tok);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12417:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				ch->jb_upper_threshold = atoi(++tok);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12437:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				rxgain = atoi(++tok);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12448:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				txgain = atoi(++tok);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12461:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			keyidx = atoi(++tok);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12463:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char keys[4096];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12499:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					ch->bc->ec_deftaps = atoi(tok);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12771:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12772:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char port_buf[8];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12804:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char ctimebuf[30];
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12810:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(global_tracefile, "a+");
data/asterisk-16.15.0~dfsg/channels/chan_motif.c:307:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remote_original[XMPP_MAX_JIDLEN];/*!< Identifier of the original remote party (remote may have changed due to redirect) */
data/asterisk-16.15.0~dfsg/channels/chan_motif.c:308:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remote[XMPP_MAX_JIDLEN];         /*!< Identifier of the remote party */
data/asterisk-16.15.0~dfsg/channels/chan_motif.c:939:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[30];
data/asterisk-16.15.0~dfsg/channels/chan_motif.c:1002:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char ufrag[17] = "";
data/asterisk-16.15.0~dfsg/channels/chan_motif.c:1314:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[32];
data/asterisk-16.15.0~dfsg/channels/chan_motif.c:1908:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *dialed, target[1024] = "";
data/asterisk-16.15.0~dfsg/channels/chan_motif.c:2228:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char combined[33] = "";
data/asterisk-16.15.0~dfsg/channels/chan_nbs.c:52:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char context[AST_MAX_EXTENSION] = "default";
data/asterisk-16.15.0~dfsg/channels/chan_nbs.c:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char app[16];					/* Our app */
data/asterisk-16.15.0~dfsg/channels/chan_nbs.c:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stream[80];				/* Our stream */
data/asterisk-16.15.0~dfsg/channels/chan_nbs.c:119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stream[256];
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:287:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device[64];			/*!< device to open */
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:295:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ext[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:296:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ctx[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:297:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char language[MAX_LANGUAGE];
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:298:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[256];         /*!< Initial CallerID name */
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:299:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[256];          /*!< Initial CallerID number  */
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:300:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mohinterpret[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:303:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oss_write_buf[FRAME_SIZE * 2];
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:308:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oss_read_buf[FRAME_SIZE * 2 + AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:496:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = o->sounddev = open(o->device, mode | O_NONBLOCK);
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:691:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(o->oss_write_buf + o->oss_write_dst, f->data.ptr + src, l);
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:697:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(o->oss_write_buf + o->oss_write_dst, f->data.ptr + src, l);
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:1010:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[TEXT_SIZE];
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:1389:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(o->mohinterpret, "default");
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:1485:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&global_jbconf, &default_jbconf, sizeof(struct ast_jb_conf));
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:97:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char context[AST_MAX_EXTENSION] = "default";
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:100:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char language[MAX_LANGUAGE] = "";
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dev[256];					/* Device name */
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:143:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char offset[AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:144:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[PHONE_MAX_BUF];					/* Static buffer for reading frames */
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:151:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char obuf[PHONE_MAX_BUF * 2];
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:153:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ext[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:154:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char language[MAX_LANGUAGE];
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:155:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:156:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:159:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cid_num[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:160:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cid_name[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:631:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p->obuf + p->obuflen, buf, len);
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:670:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpbuf[4];
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:819:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(tmpbuf, frame->data.ptr, 4);
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:927:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:939:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char digit[2] = {0 , 0};
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:1197:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		tmp->fd = open(iface, O_RDWR);
data/asterisk-16.15.0~dfsg/channels/chan_pjsip.c:653:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[512];
data/asterisk-16.15.0~dfsg/channels/chan_pjsip.c:700:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char err[PJ_ERR_MSG_SIZE];
data/asterisk-16.15.0~dfsg/channels/chan_pjsip.c:1324:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ind_data->frame_data, frame_data, datalen);
data/asterisk-16.15.0~dfsg/channels/chan_pjsip.c:1649:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char condition_name[256];
data/asterisk-16.15.0~dfsg/channels/chan_pjsip.c:2091:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char local_info[pj_strlen(&session->inv_session->dlg->local.info_str) + 1];
data/asterisk-16.15.0~dfsg/channels/chan_rtp.c:284:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opt_args[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:787:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_language[MAX_LANGUAGE];      /*!< Default language setting for new channels */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:788:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_callerid[AST_MAX_EXTENSION]; /*!< Default caller ID for sip messages */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:789:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_mwi_from[80];                /*!< Default caller ID for MWI updates */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:790:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_fromdomain[AST_MAX_EXTENSION]; /*!< Default domain on outound messages */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:792:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_notifymime[AST_MAX_EXTENSION]; /*!< Default MIME media type for MWI notify messages */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:793:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_vmexten[AST_MAX_EXTENSION];    /*!< Default From Username on MWI updates */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:796:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_mohinterpret[MAX_MUSICCLASS];  /*!< Global setting for moh class to use when put on hold */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:797:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_mohsuggest[MAX_MUSICCLASS];    /*!< Global setting for moh class to suggest when putting
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:799:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_parkinglot[AST_MAX_CONTEXT];   /*!< Parkinglot */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:800:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_engine[256];                   /*!< Default RTP engine */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:802:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_zone[MAX_TONEZONE_COUNTRY];        /*!< Default tone zone for channels created from the SIP driver */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:840:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char global_useragent[AST_MAX_EXTENSION];    /*!< Useragent for the SIP channel */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:841:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char global_sdpsession[AST_MAX_EXTENSION];   /*!< SDP session name for the SIP channel */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:842:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char global_sdpowner[AST_MAX_EXTENSION];     /*!< SDP owner name for the SIP channel */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:888:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char used_context[AST_MAX_CONTEXT];        /*!< name of automatically created context for unloading */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:1132:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char externhost[MAXHOSTNAMELEN];   /*!< External host name */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:2134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tuple_id[64];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:2323:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char interface_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:2338:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char subscribe_uri[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:2339:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:2700:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char data[payload_len + 1];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:2924:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char readbuf[4097];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:2988:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024] = "";
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3987:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[80], *c = buf; /* max history length */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:4001:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hist->event, buf, l);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:4389:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char method_str[31];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:5168:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char port[10];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:5169:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipaddr[INET6_ADDRSTRLEN];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:5170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char regseconds[20];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:5172:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str_lastms[20];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:5239:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char multi[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:5582:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char portstring[6]; /* up to 5 digits plus null terminator */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:5689:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipaddr[INET6_ADDRSTRLEN];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:6320:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[MAXHOSTNAMELEN];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:6321:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char service[MAXHOSTNAMELEN];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:6454:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[SIPBUFSIZE] = "";
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:6462:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:6540:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[SIPBUFSIZE / 2];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:6834:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:7312:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char quality_buf[AST_MAX_USER_FIELD];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:8415:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char valuebuf[1024];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:8819:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[33];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:8882:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[33];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:9196:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char invite_branch[32] = { 0, };
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:9460:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char totag[128];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:9461:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fromtag[128];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:9713:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:9748:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (!(portnum = atoi(porta))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10304:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char red_fmtp[100] = "empty";	/* For T.140 RED */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10425:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char protocol[18] = {0,};
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10712:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(offer->decline_m_line, "m=image 0 udptl t38\r\n");
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10762:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char type[20] = {0,};
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11273:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char unique[128];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11375:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char proto[4], host[258];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11424:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ufrag[256], pwd[256], foundation[33], transport[4], address[46], cand_type[6], relay_address[46] = "";
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11497:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char value[256], hash[32];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11549:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mimeSubtype[128];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11550:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmtp_string[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11629:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mimeSubtype[128];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11632:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmtp_string[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11683:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mimeSubtype[128];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11700:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(red_fmtp, "fmtp:%u ", codec);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11732:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11849:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char supported_value[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11891:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char clen[10];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11901:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char clen[10];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11972:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char new[512];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11979:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char leftmost[512], *others, *rport;
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12057:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *trans, *maddr, hostname[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12259:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newto[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12289:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char se_hdr[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12315:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char contact[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12352:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stripped[80];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12353:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12354:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newto[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12487:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char se_hdr[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12528:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[20];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12544:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(buf, "Q.850;cause=%i", hangupcause & 0x7f);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12662:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char minse_str[20];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12684:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12696:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[32];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12733:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[32];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12745:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[512];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12772:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpf[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12820:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char domain[MAXHOSTNAMELEN];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12950:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12987:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp2[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12988:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lid_name_buf[128];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:13548:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subject[256];				/* Subject of the session */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:13549:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char owner[256];				/* Session owner/creator */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:13550:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char connection[256];				/* Connection data */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:13552:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bandwidth[256] = "";			/* Max bitrate */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:14105:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:14304:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stripped[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:14400:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:14429:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_n[SIPBUFSIZE/2];	/* build a local copy of 'n' if needed */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:14430:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_l[SIPBUFSIZE/2];	/* build a local copy of 'l' if needed */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:14561:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(from_buf + 1, n, name_len);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:14671:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char header_text[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:14672:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char encoded_number[SIPBUFSIZE/2];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:14708:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char escaped_name[SIPBUFSIZE/2];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:14820:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char i2astr[10];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:15092:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char transport[MAXHOSTNAMELEN];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:15213:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hint[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:15343:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char local_display[AST_MAX_EXTENSION * 2];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:15344:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char remote_display[AST_MAX_EXTENSION * 2];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:15464:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[SIPBUFSIZE + sizeof("cc-URI: \r\n") - 1];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:15465:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char state_str[64];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:15466:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subscription_state_hdr[64];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:15494:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char from[256], to[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:15653:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[SIPBUFSIZE/2];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16123:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char from[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char to[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16125:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16126:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char addr[80];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16141:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char transport[MAXHOSTNAMELEN];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16331:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char digest[1024];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16429:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char from[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16432:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char referto[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16595:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char digest[1024];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16611:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[20];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16770:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16771:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[SIPBUFSIZE * 2];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16774:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char full_addr[128];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16800:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		expire = atoi(args.expiry_str);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16838:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char contact[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16920:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char contact_buf[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16988:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char contact[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16989:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:16991:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int expire = atoi(expires);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:17373:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char a1_hash[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:17374:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char resp_hash[256]="";
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:17474:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char a1[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:17482:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char a2[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:17483:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char a2_hash[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:17484:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char resp[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:17891:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:17950:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		int expire = atoi(expires);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:17954:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				expire = atoi(expires + 9);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:18217:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pai[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:18218:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char privacy[64];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:18221:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char emptyname[1] = "";
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:18293:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:18421:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256], *exten, *rexten, *rdomain, *rname = NULL;
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:18535:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256] = "", *uri, *unused_password, *domain;
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:18609:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char domain_context[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:19070:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256] = "", *c, *a;
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:19191:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char via[512];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:19519:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char calleridname[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:19703:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name_buf[1024];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:19704:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char val_buf[1024];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:19742:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char from_name[50];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:19743:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stripped[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:19885:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char from_buf[128];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:19945:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ilimits[40];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:19946:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char iused[40];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:20206:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idtext[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:20260:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idtext[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:20311:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idtext[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:20435:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:20436:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char status[20] = "";
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:20598:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:20678:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *oldcontext, *newcontext, *stalecontext, *stringp, newlist[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:20966:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *a[4];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:21008:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char time[128] = "";
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:21009:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char status[128] = "";
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:21043:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idText[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:21142:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *a[4];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:21208:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char status[30] = "";
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:21209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cbuf[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:21391:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:21536:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cbuf[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:21672:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[80];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:21673:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char user[80];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:21674:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpdat[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:21772:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char durbuf[10];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:22109:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[80];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:22762:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char feat[AST_FEATURE_MAX_LEN];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:22941:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[512];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23028:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char digest[1024];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23052:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char digest[1024];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23077:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[512];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23079:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oldnonce[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23154:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char a1[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23155:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char a2[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23156:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char a1_hash[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char a2_hash[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23158:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char resp[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23159:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char resp_hash[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23161:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char opaque[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23162:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cnonce[80];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23367:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char short_hdr[2] = { header[0], '\0' };
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23516:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		codec = ast_format_cap_get_format(peer->caps, atoi(codecnum));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23632:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char contact[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:24871:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		r->expiry = atoi(sip_get_header(req, "Min-Expires"));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:24954:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			expires=atoi(sip_get_header(req, "expires"));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:25008:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char str_lastms[20];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:25087:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char digest[1024];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:25235:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tag[128];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:25549:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char tag[128];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:25826:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		respcode = atoi(code);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:25885:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ast_publish_mwi_state(mailbox, "SIP_Remote", atoi(new), atoi(old));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:25885:60:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ast_publish_mwi_state(mailbox, "SIP_Remote", atoi(new), atoi(old));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:26375:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char unsupported[256] = { 0, };
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:26377:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:26378:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:27624:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char quality_buf[AST_MAX_USER_FIELD], *quality;
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:27811:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char unsupported[256] = { 0, };
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:28628:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char totag[128];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:28768:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[200];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:28881:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			p->expiry = atoi(expires_str);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:29209:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char seconds[4];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:29243:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tag[128];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:29264:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char totag[128];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:29402:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char readbuf[65535];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:29667:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ca->tls_cfg, &default_tls_cfg, sizeof(*ca->tls_cfg));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:30816:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:30824:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialstring[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:31083:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[64];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:31217:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[64];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:31853:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char cid_name[80] = { '\0' }, cid_num[80] = { '\0' };
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:31971:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					peer->callingpres = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:32032:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char mailbox[AST_MAX_MAILBOX_UNIQUEID];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:32096:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char tmp[4096];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:32108:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				peer->maxcallbitrate = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:32231:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			peer->call_limit = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:32236:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			peer->busy_level = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:32316:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char transport[MAXHOSTNAMELEN];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:32317:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char _srvlookup[MAXHOSTNAMELEN];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:32551:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newcontexts[AST_MAX_CONTEXT], oldcontexts[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:32800:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&global_jbconf, &default_jbconf, sizeof(struct ast_jb_conf));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:32875:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			global_t1 = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:32877:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			int tmp = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:32884:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			global_t1min = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:32933:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			int i = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:33065:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			max_expiry = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:33070:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			min_expiry = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:33075:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			default_expiry = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:33080:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			max_subexpiry = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:33086:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			min_subexpiry = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:33092:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			mwi_expiry = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:33116:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			global_reg_timeout = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:33121:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			global_regattempts_max = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:33278:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			default_maxcallbitrate = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:33540:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sip_tls_desc.tls_cfg, &default_tls_cfg, sizeof(default_tls_cfg));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:33598:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char tmp[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:33679:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char temp[MAXHOSTNAMELEN];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:34113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char varbuf[30];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:34226:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char to_header[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:34235:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char ldomain[256];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:35588:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&sip_tech_info, &sip_tech, sizeof(sip_tech));
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:147:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char dbgcli_buf[256];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:206:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char vmexten[AST_MAX_EXTENSION];      /* Voicemail pilot number */
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:207:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char used_context[AST_MAX_EXTENSION]; /* placeholder to check if context are already used in regcontext */
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:208:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char regcontext[AST_MAX_CONTEXT];     /* Context for auto-extension */
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:209:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char date_format[6] = "D-M-Y";
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:210:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char version_id[16] = "P002F202";
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:290:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[16];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:299:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char space2[3];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:314:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char calledParty[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:341:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char res[8];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:371:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char displayMessage[80];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:386:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipAddr[16];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:413:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dateTemplate[6];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:414:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char res[2];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:416:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char res2[4];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:483:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteIp[16];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:501:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callingPartyName[40];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:502:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callingParty[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:503:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char calledPartyName[40];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:504:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char calledParty[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:508:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char originalCalledPartyName[40];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:509:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char originalCalledParty[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:510:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lastRedirectingPartyName[40];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:511:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lastRedirectingParty[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:514:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callingPartyVoiceMailbox[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:515:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char calledPartyVoiceMailbox[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:516:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char originalCalledPartyVoiceMailbox[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:517:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lastRedirectingVoiceMailbox[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:526:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fwdallnum[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:528:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fwdbusynum[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:530:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fwdnoanswernum[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:536:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char speedDialDirNumber[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:537:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char speedDialDisplayName[40];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:543:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lineDirNumber[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:544:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lineDisplayName[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:625:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char version[16];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:630:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char text[40];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:643:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char errMsg[33];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:648:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char serverName[48];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:684:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char softKeyLabel[16];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1074:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char promptMessage[32];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1089:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char displayMessage[100];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1099:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialedNumber[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1108:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char url[MAX_SERVICEURL];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1109:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char displayName[40];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char text[MAXDISPLAYNOTIFYSTR];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1137:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char calldetails[MAXCALLINFOSTR];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1144:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char text[MAXDISPLAYNOTIFYSTR];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char promptMessage[MAXCALLINFOSTR];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1232:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ourhost[256];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1393:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1421:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];					\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1422:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char label[24];					\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1423:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char accountcode[AST_MAX_ACCOUNT_CODE];		\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1424:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];			\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1425:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];			\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1426:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char language[MAX_LANGUAGE];			\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1427:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[AST_MAX_EXTENSION];		\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1428:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[AST_MAX_EXTENSION];		\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1429:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lastcallerid[AST_MAX_EXTENSION];		\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1431:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_forward_all[AST_MAX_EXTENSION];	\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1432:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_forward_busy[AST_MAX_EXTENSION];	\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1433:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_forward_noanswer[AST_MAX_EXTENSION];	\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1434:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mailbox[AST_MAX_MAILBOX_UNIQUEID];		\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1435:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vmexten[AST_MAX_EXTENSION];		\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1436:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char regexten[AST_MAX_EXTENSION];		\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1437:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char regcontext[AST_MAX_CONTEXT];		\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1438:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char parkinglot[AST_MAX_CONTEXT];		\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1439:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mohinterpret[MAX_MUSICCLASS];		\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1440:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mohsuggest[MAX_MUSICCLASS];		\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1441:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lastnumberdialed[AST_MAX_EXTENSION];	\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1442:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialoutexten[AST_MAX_EXTENSION];		\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1443:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialoutcontext[AST_MAX_CONTEXT];		\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1506:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1507:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1508:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1509:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stname[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1510:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lnname[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1511:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ourName[40];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1512:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ourNum[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1513:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char theirName[40];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1514:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char theirNum[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1524:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char label[42];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1525:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1526:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1538:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char url[MAX_SERVICEURL];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1539:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char displayName[40];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1556:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char type[10];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1562:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];						\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1563:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[16];						\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1564:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char version_id[16];					\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1565:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vmexten[AST_MAX_EXTENSION];			\
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1619:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char outbuf[SKINNY_MAX_PACKET];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1650:63:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void dialandactivatesub(struct skinny_subchannel *sub, char exten[AST_MAX_EXTENSION]);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:1908:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[256];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2189:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *oldcontext, *newcontext, *stalecontext, *stringp, newlist[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char multi[256];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2236:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char multi[256];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2399:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(s->outbuf, req, skinny_header_size);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2400:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(s->outbuf+skinny_header_size, &req->data, letohl(req->len));
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2426:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[16];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2498:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *thestrings[13];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3058:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(req->data.startmedia_ip6.remoteIp, &dest.sin_addr.s_addr, sizeof(dest.sin_addr.s_addr));
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3294:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(req->data.softkeytemplate.softKeyTemplateDefinition,
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3418:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hint[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3712:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(ptr, "general "); /* SAFE */
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3717:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(ptr, "sub "); /* SAFE */
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3722:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(ptr, "audio "); /* SAFE */
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3727:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(ptr, "packet "); /* SAFE */
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3732:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(ptr, "lock "); /* SAFE */
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3737:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(ptr, "template "); /* SAFE */
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3742:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(ptr, "thread "); /* SAFE */
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3747:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(ptr, "hint "); /* SAFE */
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3752:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(ptr, "keepalive "); /* SAFE */
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3766:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4093:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idtext[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4289:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *a[4];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4331:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idtext[256] = "";
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4449:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char group_buf[256];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4450:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cbuf[256];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4575:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *a[4];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4613:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char immed_str[2] = {immed_dialchar, '\0'};
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4655:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char text_buf[32];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4667:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			int priority = atoi(argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4668:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			int timeout = atoi(argv[5]);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4713:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			int priority = atoi(argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4954:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buf[24];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4959:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				aatime = atoi(curstr);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:5148:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, "%d", digit);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:6071:63:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void dialandactivatesub(struct skinny_subchannel *sub, char exten[AST_MAX_EXTENSION])
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:6430:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char extout[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:6453:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char message[sizeof(msg_prefix) + sizeof(extout)];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:7185:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char extout[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:7208:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char message[sizeof(msg_prefix) + sizeof(extout)];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:7690:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&s->sin, &sin, sizeof(sin));
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:7722:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:7782:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char newcontexts[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:7783:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char oldcontexts[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:7797:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				keep_alive = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:7800:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				int timeout = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:7810:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				int limit = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:8019:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				CLINE_OPTS->callfwdtimeout = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:8077:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				CDEV->addr.sin_port = htons(atoi(v->value));
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:8155:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buf[256];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:8201:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buf[256];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:8242:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buf[256];
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:8319:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(l, default_line, sizeof(*default_line));
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:8380:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(d, default_device, sizeof(*default_device));
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:8479:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&global_jbconf, &default_jbconf, sizeof(struct ast_jb_conf));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:374:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80]; /*! Like 200 */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:375:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullname[101]; /*! Like USTM/200\@black */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:376:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION]; /*! Extension where to start */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:377:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[AST_MAX_EXTENSION]; /*! CallerID Number */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:378:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mailbox[AST_MAX_EXTENSION]; /*! Mailbox for MWI */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:379:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char musicclass[MAX_MUSICCLASS]; /*! MusicOnHold class */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:382:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char accountcode[AST_MAX_ACCOUNT_CODE]; /*! Account code (for billing) */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:385:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char parkinglot[AST_MAX_CONTEXT]; /*! Parkinglot */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:398:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_EXTENSION]; /*!< Context to start in */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:399:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char phone_number[AST_MAX_EXTENSION];	  /*!< the phone number entered by the user */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:400:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char redial_number[AST_MAX_EXTENSION];	 /*!< the last phone number entered by the user */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:401:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[18];			    /*!< mac address of the current phone in ascii */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:402:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[DEVICE_NAME_LEN];     /*!< name of the device */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:404:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char expsoftkeylabel[EXPNUM][11];       /*!< soft key label */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:405:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char softkeylabel[FAVNUM][11];       /*!< soft key label */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:406:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char softkeynumber[FAVNUM][AST_MAX_EXTENSION];      /*!< number dialed when the soft key is pressed */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:407:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char softkeyicon[FAVNUM];	    /*!< icon number */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:408:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char softkeydevice[FAVNUM][16];      /*!< name of the device monitored */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:412:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char language[MAX_LANGUAGE];    /*!< Language for asterisk sounds */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:414:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char maintext0[25];		     /*!< when the phone is idle, display this string on line 0 */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:415:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char maintext1[25];		     /*!< when the phone is idle, display this string on line 1 */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:416:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char maintext2[25];		     /*!< when the phone is idle, display this string on line 2 */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:417:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char titledefault[13];	  /*!< title (text before date/time) */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:420:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char country[3];			/*!< country used for dial tone frequency */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:436:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lst_cid[TEXT_LENGTH_MAX];  /*!< Last callerID received */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:437:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lst_cnm[TEXT_LENGTH_MAX];  /*!< Last callername recevied */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:438:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_forward[AST_MAX_EXTENSION];   /*!< Forward number */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:448:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char extension_number[11];      /*!< Extension number entered by the user */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:471:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff_entry[16];	    /*!< Buffer for temporary datas */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:472:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char macaddr[18];		       /*!< mac address of the phone (not always available) */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:473:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char firmware[8];		       /*!< firmware of the phone (not always available) */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:475:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[MAX_BUF_NUMBER][MAX_BUF_SIZE];	/*!< Buffer array used to keep the lastest non-acked paquets */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:704:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define BUFFSEND unsigned char buffsend[64] = { 0x00, 0x00, 0xaa, 0xbb, 0x02, 0x01 }
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:779:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ustm_strcopy[1024];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:815:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[1024], *p, *p_orig = NULL, *p_trans = NULL;
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:826:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		f = fopen(tmp, "r");
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:881:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ustm_strcopy, lang_entry->str_trans, size);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:909:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[CMSG_SPACE(sizeof(struct in_pktinfo))];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:973:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void *)data + sizeof(unsigned short), (void *)&seq, sizeof(unsigned short));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:975:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pte->wsabufsend[buf_pos].buf, data, size);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:998:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_ping, sizeof(packet_send_ping));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1006:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmbuf[0x100];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1035:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&toAddr->sin_addr, &addr, sizeof(struct in_addr));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1038:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(toAddr, &public_ip, sizeof(*toAddr));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1054:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&s->sin, addr_from, sizeof(struct sockaddr_in));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1086:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_end_call, sizeof(packet_send_end_call));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1133:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_start_timer, sizeof(packet_send_start_timer));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1143:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_stop_timer, sizeof(packet_send_stop_timer));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1153:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_icon, sizeof(packet_send_icon));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1162:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_expansion_next, sizeof(packet_send_expansion_next));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1173:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_expansion_icon, sizeof(packet_send_expansion_icon));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1191:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_expansion_text, sizeof(packet_send_expansion_text));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1197:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + 11, text, i);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1208:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buffsend + SIZE_HEADER, packet_send_stream_based_tone_off,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1223:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buffsend + SIZE_HEADER, packet_send_stream_based_tone_single_freq,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1230:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buffsend + SIZE_HEADER, packet_send_stream_based_tone_dual_freq,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1241:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_stream_based_tone_on,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1282:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_favorite, sizeof(packet_send_favorite));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1290:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + FAV_MAX_LENGTH + 1, ustmtext(text, pte), i);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1324:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[256];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1593:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_text, sizeof(packet_send_text));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1600:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + 12, text, i);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1618:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(buffsend + SIZE_HEADER, packet_send_status2,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1622:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(buffsend + 10, (j < n) ? (text + j) : "       ", 7);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1629:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_status, sizeof(packet_send_status));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1634:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + 10, text, i);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1645:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_led_update, sizeof(packet_send_led_update));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1660:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_mute, sizeof(packet_send_mute));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1679:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_select_output,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1725:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_ring, sizeof(packet_send_ring));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1737:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_no_ring, sizeof(packet_send_no_ring));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1748:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_title, sizeof(packet_send_title));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1753:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + 10, text, i);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1765:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char month_name[MONTH_LABEL_SIZE + 1];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1771:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_monthlabels_download, sizeof(packet_send_monthlabels_download));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1773:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(month_name, &monthlabels[month * MONTH_LABEL_SIZE], MONTH_LABEL_SIZE);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1774:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buffsend + SIZE_HEADER + 3 + i*MONTH_LABEL_SIZE, ustmtext(month_name, pte), MONTH_LABEL_SIZE);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1793:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_date_time, sizeof(packet_send_date_time));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1812:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_date_time2, sizeof(packet_send_date_time2));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1835:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_date_time3, sizeof(packet_send_date_time3));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1850:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_blink_cursor, sizeof(packet_send_blink_cursor));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1862:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_set_pos_cursor,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1902:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_charset, packet_size);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1914:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_query_mac_address,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1950:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, sizeof(*dst)); /* this over writes the cap ptr, so we have to reset it */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2075:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char addrmac[19];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2078:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(&addrmac[i], "%02hhx", buf[tmp]);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2112:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(newd, d, sizeof(*newd));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2126:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						snprintf(l->name, sizeof(l->name), "%d", atoi(l->name) + 1);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2239:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_S1, sizeof(packet_send_S1));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2245:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_query_basic_manager_04,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2252:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_query_basic_manager_10,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2283:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[AST_CONFIG_MAX_PATH], tmp2[AST_CONFIG_MAX_PATH];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2284:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line1[TEXT_LENGTH_MAX + 1];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2325:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((f = fopen(tmp, "r"))) {
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2353:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		f = fopen(tmp, "w");
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2389:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f2 = fopen(tmp2, "w"))) {
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2490:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(data, callerid, size);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2749:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buffsend + SIZE_HEADER, packet_send_rtp_packet_size,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2757:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_jitter_buffer_conf,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2767:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buffsend + SIZE_HEADER, packet_send_open_audio_stream_tx3,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2770:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buffsend + SIZE_HEADER, packet_send_open_audio_stream_tx,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2774:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buffsend + 28, &public.sin_addr, sizeof(public.sin_addr));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2780:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buffsend + 23, &public.sin_addr, sizeof(public.sin_addr));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2792:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buffsend + SIZE_HEADER, packet_send_open_audio_stream_rx3,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2795:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buffsend + SIZE_HEADER, packet_send_open_audio_stream_rx,
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2799:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buffsend + 28, &public.sin_addr, sizeof(public.sin_addr));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2805:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buffsend + 23, &public.sin_addr, sizeof(public.sin_addr));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2819:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buffsend + SIZE_HEADER, packet_send_call, sizeof(packet_send_call));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2820:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buffsend + 53, &public.sin_addr, sizeof(public.sin_addr));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2946:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[TEXT_LENGTH_MAX + 1];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2960:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tmp, tmp_number + offset, tmp_copy);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2967:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tmp + strlen(tmp), pte->device->phone_number + offset, pte->device->size_phone_number - offset + 1);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:3689:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[128];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:3734:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[30], buf2[6];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:3740:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf, " (G711u=0,");
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:3821:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_language[40];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:3986:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[TEXT_LENGTH_MAX + 1], status[STATUS_LENGTH_MAX + 1], func1[10], func2[10],
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4060:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[AST_CONFIG_MAX_PATH];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4065:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	*f = fopen(tmp, "r");
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpbuf[TEXT_LENGTH_MAX + 1];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4132:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char tmp_field[100];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4179:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(tmpbuf, "IP : ");
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4387:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_s4, sizeof(packet_send_s4));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4394:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_S7, sizeof(packet_send_S7));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4399:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_Contrast, sizeof(packet_send_Contrast));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4408:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_s9, sizeof(packet_send_s9));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4415:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_S7, sizeof(packet_send_S7));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4431:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char tmp[30];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4438:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(tmp, "MAC = ");
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4451:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, packet_send_arrow, sizeof(packet_send_arrow));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4471:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpbuf[255];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4626:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(tmpbuf, " Unknown request packet\n");
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4638:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpbuf[255];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4855:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char tmpstr[256];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:5426:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[256];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:5540:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[TEXT_LENGTH_MAX + 1];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:5557:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char label[11];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:5558:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char number[16];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:5659:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tmp, text + TEXT_LENGTH_MAX, TEXT_LENGTH_MAX);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:5665:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp, text + TEXT_LENGTH_MAX, TEXT_LENGTH_MAX);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:5668:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp, text + TEXT_LENGTH_MAX * 2, TEXT_LENGTH_MAX);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:5962:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6156:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6207:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffsend + SIZE_HEADER, tmp, j);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6289:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, src, maxlen);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6290:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		((char *) out)[maxlen] = '\0';
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6292:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, src, maxlen);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6299:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[256];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6364:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			d->softkeyicon[p] = atoi(icon);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6507:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char linelabel[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6582:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			d->rtp_port = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6584:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			d->rtp_method = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6586:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			d->status_method = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6611:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			dateformat = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6613:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			timeformat = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6615:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			d->contrast = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6625:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ringvolume = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6627:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ringstyle = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6629:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			cwvolume = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6631:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			cwstyle = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6633:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			callhistory = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6637:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			d->interdigit_timer = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6639:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			d->dtmfduration = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6707:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(l, lt, sizeof(*l));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6757:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			d->height = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6801:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(d->id, "000000000000");
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6822:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(d->titledefault, "TimeZone ");
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6825:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(d->titledefault, "TZ ");
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6871:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&global_jbconf, &default_jbconf, sizeof(struct ast_jb_conf));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6882:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			unistim_keepalive = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6884:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			unistim_port = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:115:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char context[AST_MAX_EXTENSION] = "default";
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:118:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char language[MAX_LANGUAGE] = "";
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:284:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dev[256];                    /*!< Device name, eg vpb/1-1 */
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:288:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[VPB_MAX_BUF];            /*!< Static buffer for reading frames */
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:295:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_EXTENSION];  /*!< The context for this channel */
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:297:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ext[AST_MAX_EXTENSION];      /*!< DTMF buffer for the ext[ens] */
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:298:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char language[MAX_LANGUAGE];      /*!< language being used */
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:299:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callerid[AST_MAX_EXTENSION]; /*!< CallerId used for directly connected phone */
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:301:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:302:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:340:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char play_dtmf[16];
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:734:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:1099:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[2] = {0};
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:1101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[256];
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:1102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[256];
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:1107:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[VPB_MAX_STR];
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:1308:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char str[VPB_MAX_STR];
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:1495:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64];
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:1773:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[2];
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:1806:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialstring[254] = "";
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:1851:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&call.tone_map,  DialToneMap, sizeof(DialToneMap));
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:1906:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[VPB_MAX_STR];
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:2432:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[256];
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:2433:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[256];
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:2534:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		group = atoi(name + 1);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:2715:69:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ast_log(LOG_NOTICE, "VPB Driver configured to use [%d] cards\n", atoi(v->value));
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:2736:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			timer_period_ring = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:2738:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ec_supp_threshold = (short)atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:2740:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			dtmf_idd = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:2750:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			board = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:2752:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			group = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:2758:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			UsePolarityCID = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:2760:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			UseLoopDrop = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:2762:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			UseNativeBridge = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:2764:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			int channel = atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:2834:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			gruntdetect_timeout = 1000 * atoi(v->value);
data/asterisk-16.15.0~dfsg/channels/console_board.c:274:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(b->text, b->text + row * b->v_w, b->v_w * (b->v_h - row));
data/asterisk-16.15.0~dfsg/channels/console_gui.c:382:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[2] = { digit, '\0' };
data/asterisk-16.15.0~dfsg/channels/console_gui.c:441:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[160];
data/asterisk-16.15.0~dfsg/channels/console_gui.c:587:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			g_data = g->open(p->name, &env->out.loc_src_geometry, env->out.fps);
data/asterisk-16.15.0~dfsg/channels/console_gui.c:797:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[128];
data/asterisk-16.15.0~dfsg/channels/console_gui.c:799:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(buf, "%c%dx%d", button.button == SDL_BUTTON_RIGHT ? '>' : '<',
data/asterisk-16.15.0~dfsg/channels/console_gui.c:877:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[2] = { map_key(ks), '\0' };
data/asterisk-16.15.0~dfsg/channels/console_gui.c:1099:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	gui->outfd = open ("/dev/null", O_WRONLY);	/* discard output, temporary */
data/asterisk-16.15.0~dfsg/channels/console_gui.c:1130:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/channels/console_gui.c:1141:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = fopen(kp_file, "r");
data/asterisk-16.15.0~dfsg/channels/console_gui.c:1242:12:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		long w = atol(e);
data/asterisk-16.15.0~dfsg/channels/console_gui.c:1539:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int i = atoi(s);
data/asterisk-16.15.0~dfsg/channels/console_gui.c:1565:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s1[16], s2[16];
data/asterisk-16.15.0~dfsg/channels/console_gui.c:1598:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			r->x = atoi(s2);	/* this becomes x0 */
data/asterisk-16.15.0~dfsg/channels/console_video.c:240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char codec_name[64];        /* the codec we use */
data/asterisk-16.15.0~dfsg/channels/console_video.c:251:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char keypad_file[256];      /* image for the keypad */
data/asterisk-16.15.0~dfsg/channels/console_video.c:252:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char keypad_font[256];      /* font for the keypad */
data/asterisk-16.15.0~dfsg/channels/console_video.c:254:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sdl_videodriver[256];
data/asterisk-16.15.0~dfsg/channels/console_video.c:301:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char in[128];
data/asterisk-16.15.0~dfsg/channels/console_video.c:304:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(in, "ps -o vsz= -o rss= %d", pid);
data/asterisk-16.15.0~dfsg/channels/console_video.c:340:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			g_data = g->open(v->devices[i].name, &v->loc_src_geometry, v->fps);
data/asterisk-16.15.0~dfsg/channels/console_video.c:863:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char save_display[128] = "";
data/asterisk-16.15.0~dfsg/channels/console_video.c:922:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(buf, "hold");
data/asterisk-16.15.0~dfsg/channels/console_video.h:82:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	void *(*open)(const char *name, struct fbuf_t *geom, int fps);
data/asterisk-16.15.0~dfsg/channels/iax2/codec_pref.c:194:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buf, "(...)"); /* Safe */
data/asterisk-16.15.0~dfsg/channels/iax2/codec_pref.c:224:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(cur, "...");
data/asterisk-16.15.0~dfsg/channels/iax2/firmware.c:67:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char sum[16], buf[1024];
data/asterisk-16.15.0~dfsg/channels/iax2/firmware.c:88:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	ifd = open(s, O_RDONLY);
data/asterisk-16.15.0~dfsg/channels/iax2/firmware.c:93:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(s2, O_RDWR | O_CREAT | O_EXCL, AST_FILE_MODE);
data/asterisk-16.15.0~dfsg/channels/iax2/firmware.c:211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[PATH_MAX + sizeof(IAX_FIRMWARE_SUBDIR) + sizeof(de->d_name)];
data/asterisk-16.15.0~dfsg/channels/iax2/include/astobj.h:139:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[namelen]; \
data/asterisk-16.15.0~dfsg/channels/iax2/include/codec_pref.h:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char order[IAX2_CODEC_PREF_SIZE];
data/asterisk-16.15.0~dfsg/channels/iax2/include/iax2.h:236:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char iedata[0];
data/asterisk-16.15.0~dfsg/channels/iax2/include/iax2.h:243:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char encdata[0];
data/asterisk-16.15.0~dfsg/channels/iax2/include/iax2.h:252:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[0];
data/asterisk-16.15.0~dfsg/channels/iax2/include/iax2.h:258:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char encdata[0];
data/asterisk-16.15.0~dfsg/channels/iax2/include/iax2.h:265:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[0];
data/asterisk-16.15.0~dfsg/channels/iax2/include/iax2.h:272:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[0];
data/asterisk-16.15.0~dfsg/channels/iax2/include/iax2.h:277:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[0];
data/asterisk-16.15.0~dfsg/channels/iax2/include/iax2.h:296:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char devname[16];	/*!< Device */
data/asterisk-16.15.0~dfsg/channels/iax2/include/iax2.h:298:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char chksum[16];	/*!< Checksum of all data */
data/asterisk-16.15.0~dfsg/channels/iax2/include/iax2.h:299:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[0];
data/asterisk-16.15.0~dfsg/channels/iax2/include/parser.h:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *osptokenblock[IAX_MAX_OSPBLOCK_NUM];
data/asterisk-16.15.0~dfsg/channels/iax2/include/parser.h:137:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char semirand[32];
data/asterisk-16.15.0~dfsg/channels/iax2/include/parser.h:144:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char unused[AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/channels/iax2/include/parser.h:145:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char afdata[0];	/* Data for frame */
data/asterisk-16.15.0~dfsg/channels/iax2/include/parser.h:149:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[1024];
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:99:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&addr, value, len);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:112:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(output + (4 * i), "\\x%02hhx", *((unsigned char *)value + i));
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:199:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&addr, value, len);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256] = "";
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:219:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256]="";
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:224:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(tmp, ",8khz");
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:226:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(tmp, ",11.025khz");
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:228:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(tmp, ",16khz");
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:230:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(tmp, ",22.05khz");
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:232:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(tmp, ",44.1khz");
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:234:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(tmp, ",48khz");
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:365:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char interp[80];
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:366:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:393:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
						strcpy(interp, "Present");
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:417:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char interp[1024];
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:418:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[1046];
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:441:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
						strcpy(interp, "Present");
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:644:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char retries[20];
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:645:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char class2[20];
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:646:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subclass2[20];
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:650:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[512];
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:672:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(retries, "Yes");
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:674:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(retries, " No");
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:687:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(subclass2, "%c", fh->csub);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:723:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:731:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ied->buf + ied->pos, data, datalen);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:795:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256], *tmp2;
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:933:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&ies->apparent_addr , (struct ast_sockaddr *) (data + 2), len);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:1210:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(fr->af.data.ptr, f->data.ptr, copy_len);
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:57:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char src[80];
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char user[20];
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pass[20];
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lang[10];
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:213:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[40];
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:260:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80] = "";
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:441:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char server[INET_ADDRSTRLEN];
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:442:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char alternate[INET_ADDRSTRLEN];
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:443:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char flags[80];	/* Has to be big enough for 'flags' too */
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:280:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char debug[25];
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:310:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(p+2, callid, callid_len);
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:317:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char debug[25];
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:337:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(callid, p+1, *callid_len);
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1342:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char debug[768];
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1345:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(debug + (i * 3), " %02hhx", (unsigned char)user[i]);
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1360:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(p+3, user, user_len);
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1383:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(user, p+2, (*user_len<=128)?*(user_len):128); /* clip to 128 maximum */
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1387:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char debug[768];
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1390:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(debug + (i * 3), " %02hhx", (unsigned char)user[i]);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:263:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tone_425_flip[TONE_425_SIZE];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:264:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tone_silence_flip[TONE_SILENCE_SIZE];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:319:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char flip_table[256];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:818:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buff[32];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:1040:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buff[1025];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:1252:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char buff[1025];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:1277:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buff[1025];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:1456:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:1941:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(bc, hold_bc, sizeof(*bc));
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:2303:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char n1[32],n2[32];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:2306:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(n1,"/tmp/misdn-rx-%d.raw",id);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:2307:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(n2,"/tmp/misdn-tx-%d.raw",id);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:2309:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	rx = fopen(n1,"a+");
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:2310:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	tx = fopen(n2,"a+");
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:2332:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096 + mISDN_HEADER_LEN];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:2367:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(data, tone_silence_flip, TONE_SILENCE_SIZE );
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:2372:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(data, tone_silence_flip, rest);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:2453:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[128];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:2461:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[128];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:3118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[1025] = "";
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:3144:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4147:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char plist[1024];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4174:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tone_425_flip,tone_425,TONE_425_SIZE);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4177:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tone_silence_flip,tone_SILENCE,TONE_SILENCE_SIZE);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4198:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		int port = atoi(tok);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4292:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[1024];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4331:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4354:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4385:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096 + mISDN_HEADER_LEN];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4402:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&buf[mISDN_HEADER_LEN], data,len);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4421:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buffer[mISDN_HEADER_LEN+2*sizeof(int)];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4472:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buffer[mISDN_HEADER_LEN+sizeof(int)+c2_len];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4482:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(d, c2, c2_len);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4598:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[mISDN_HEADER_LEN + 128] = "";
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4707:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[16] = "";
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:266:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char number[MISDN_MAX_NUMBER_LEN];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:269:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subaddress[MISDN_MAX_SUBADDRESS_LEN];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:295:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[MISDN_MAX_NAME_LEN];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:298:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char number[MISDN_MAX_NUMBER_LEN];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:301:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subaddress[MISDN_MAX_SUBADDRESS_LEN];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:348:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char incoming_cid_tag[MISDN_MAX_NAME_LEN];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:529:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char crypt_key[255];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:642:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char display[84];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:647:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char keypad[MISDN_MAX_KEYPAD_LEN];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:650:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char info_dad[MISDN_MAX_NUMBER_LEN];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:653:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char infos_pending[MISDN_MAX_NUMBER_LEN];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:663:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 	char uu[256];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.h:685:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pipeline[128];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib_intern.h:138:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char channels[MAX_BCHANS + 1 + MISDN_MAX_REGISTER_LINKS];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_msg_parser.c:82:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_msg_parser.c:102:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(p, buf, len);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_msg_parser.c:330:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bc->setup_bc_hlc_llc.Bc.Contents, p + 1, *p);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_msg_parser.c:347:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bc->setup_bc_hlc_llc.Llc.Contents, p + 1, *p);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_msg_parser.c:364:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bc->setup_bc_hlc_llc.Hlc.Contents, p + 1, *p);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_msg_parser.c:573:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char display[sizeof(bc->display)];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_msg_parser.c:710:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char display[sizeof(bc->display)];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_msg_parser.c:1262:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char number[sizeof(bc->redirecting.to.number)];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_msg_parser.c:1321:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char fac_tmp[256];
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_msg_parser.c:1358:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ie_fac, fac_tmp, len);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_msg_parser.c:1460:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char number[sizeof(bc->redirecting.to.number)];
data/asterisk-16.15.0~dfsg/channels/misdn/portinfo.c:22:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buff[1025];
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:90:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[BUFFERSIZE];
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:93:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char def[BUFFERSIZE];
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:95:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char desc[BUFFERSIZE];
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:581:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		if (!memcpy(buf, &ptp[port], (bufsize > ptp[port]) ? sizeof(ptp[port]) : bufsize))
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:611:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(buf, port_cfg[port][place].any, bufsize);
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:613:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(buf, port_cfg[0][place].any, bufsize);
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:624:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(buf, general_cfg[place].any, bufsize);
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:781:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[16];
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:791:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(tmp, "%dptp,", i);
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:793:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(tmp, "%d,", i);
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:808:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tempbuf[BUFFERSIZE] = "";
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:986:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dest->num, &tmp, sizeof(int));
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:1002:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dest->num, &tmp, sizeof(int));
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:1070:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char ptpbuf[BUFFERSIZE] = "";
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:1108:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(port_cfg[i], cfg_tmp, sizeof(cfg_tmp));
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:1116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char misdn_init[BUFFERSIZE];
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:1117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[BUFFERSIZE];
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:1125:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(misdn_init, "r");
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:1149:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[128];
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:1154:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(filename, "r");
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:1174:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			_parse(&(port_cfg[0][i]), (char *)port_spec[i].def, port_spec[i].type, port_spec[i].boolint_def);
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:1178:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			_parse(&(general_cfg[i]), (char *)gen_spec[i].def, gen_spec[i].type, gen_spec[i].boolint_def);
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:1221:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&global_jbconf, &default_jbconf, sizeof(struct ast_jb_conf));
data/asterisk-16.15.0~dfsg/channels/pjsip/cli_commands.c:350:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char codec_in_use[7];
data/asterisk-16.15.0~dfsg/channels/pjsip/dialplan_functions.c:541:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *t38state_to_string[T38_MAX_ENUM] = {
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:65:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char analog_defaultcic[64] = "";
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:66:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char analog_defaultozz[64] = "";
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:991:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[256]; /* must be same length as p->dialdest */
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1715:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION] = "";
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1716:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten2[AST_MAX_EXTENSION] = "";
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1717:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmfcid[300];
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1718:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmfbuf[300];
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1719:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char namebuf[ANALOG_MAX_CID];
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1720:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char numbuf[ANALOG_MAX_CID];
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1931:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char anibuf[100];
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:2002:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				caller->ani2 = atoi(s1);
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:3219:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char cid_num[256];
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:3220:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char cid_name[256];
data/asterisk-16.15.0~dfsg/channels/sig_analog.h:133:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialstr[256];
data/asterisk-16.15.0~dfsg/channels/sig_analog.h:312:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mohsuggest[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/channels/sig_analog.h:313:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_analog.h:314:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_analog.h:334:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callwait_num[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_analog.h:335:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callwait_name[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_analog.h:336:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lastcid_num[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_analog.h:337:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lastcid_name[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_analog.h:340:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char echorest[20];
data/asterisk-16.15.0~dfsg/channels/sig_analog.h:343:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialdest[256];
data/asterisk-16.15.0~dfsg/channels/sig_analog.h:347:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char finaldial[64];
data/asterisk-16.15.0~dfsg/channels/sig_analog.h:350:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_forward[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:155:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[1];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:749:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			ptr += sprintf(ptr, "%02hhx", (unsigned char)pri_subaddress->data[x]);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:754:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(ptr, "%01hhx", (unsigned char)((pri_subaddress->data[len]) >> 4));
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:757:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(ptr, "%02hhx", (unsigned char)pri_subaddress->data[len]);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:2061:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ex[128];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:2120:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:2300:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char number[AST_MAX_EXTENSION * 2];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:2969:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:2970:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialstring[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:3040:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:5782:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ani2str[6];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:5783:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char calledtonstr[10];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:5882:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char plancallingnum[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:5883:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char plancallingani[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:6257:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idlen[128];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:6458:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char cause_str[36];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:6662:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char db_chan_name[20];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:6663:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char db_answer[15];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:7763:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				if (atoi(cause)) {
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:7764:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					icause = atoi(cause);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:7892:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[256]; /* must be same length as p->dialdest */
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:7915:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opt_args[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:8295:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:9368:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[256];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:9420:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char status[256];
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:9433:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char status[256];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:289:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:290:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mohinterpret[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:298:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:299:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_subaddr[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:300:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:301:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_ani[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:303:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char user_tag[AST_MAX_EXTENSION * 2];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:304:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:308:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialdest[256];				/* Queued up digits for overlap dialing.  They will be sent out as information messages when setup ACK is received */
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:311:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char keypad_digits[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:314:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char deferred_digits[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:316:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char moh_suggested[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:509:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char internationalprefix[10];			/*!< country access code ('00' for european dialplans) */
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:510:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nationalprefix[10];				/*!< area access code ('0' for european dialplans) */
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:511:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localprefix[20];					/*!< area access code + area code ('0'+area code for european dialplans) */
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:512:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char privateprefix[20];					/*!< for private dialplans */
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:513:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char unknownprefix[20];					/*!< for unknown dialplans */
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:531:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mwi_mailboxes[SIG_PRI_MAX_MWI_MAILBOX_STR];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:538:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mwi_vm_boxes[SIG_PRI_MAX_MWI_VM_NUMBER_STR];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:544:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mwi_vm_numbers[SIG_PRI_MAX_MWI_VM_NUMBER_STR];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:550:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char initial_user_tag[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:551:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msn_list[AST_MAX_EXTENSION];		/*!< Comma separated list of MSNs to handle.  Empty if disabled. */
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:552:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idleext[AST_MAX_EXTENSION];		/*!< Where to idle extra calls */
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:553:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idlecontext[AST_MAX_CONTEXT];		/*!< What context to use for idle */
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:554:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idledial[AST_MAX_EXTENSION];		/*!< What to dial before dumping */
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:581:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/sig_pri.h:582:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char mohinterpret[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:642:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char status[32];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:977:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:1229:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp, "%d", p->cug_interlock_code);
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:1391:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char mb_state[255];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:1464:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char cause_str[30];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:1518:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
							char connected_num[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2185:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char connected_num[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2857:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[256];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2921:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		isup_set_gen_digits(p->ss7call, gen_digits, atoi(gen_dig_type), atoi(gen_dig_scheme));
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2921:67:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		isup_set_gen_digits(p->ss7call, gen_digits, atoi(gen_dig_type), atoi(gen_dig_scheme));
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2943:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		isup_set_callref(p->ss7call, atoi(call_ref_id),
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2944:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				 call_ref_pc ? atoi(call_ref_pc) : 0);
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2954:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		isup_set_tmr(p->ss7call, atoi(tmr));
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2988:71:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				isup_set_cug(p->ss7call, ss7_cug_indicator, ss7_cug_interlock_ni, atoi(ss7_cug_interlock_code));
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:3003:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		isup_set_forward_indicator_pmbits(p->ss7call, atoi(ss7_forward_indicator_pmbits));
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:3049:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					if (atoi(cause)) {
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:3050:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						icause = atoi(cause);
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:3327:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[256];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:237:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:238:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mohinterpret[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:245:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_subaddr[AST_MAX_EXTENSION];/*!< XXX SS7 may not support. */
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:246:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:247:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_ani[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:248:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:251:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char charge_number[50];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:252:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char gen_add_number[50];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:253:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char gen_dig_number[50];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:254:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char orig_called_num[50];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:256:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char redirecting_num[50];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:264:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char generic_name[50];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:271:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char jip_number[50];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:277:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lspi_ident[50];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:306:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cug_interlock_ni[5];
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:339:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char internationalprefix[10];		/*!< country access code ('00' for european dialplans) */
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:340:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nationalprefix[10];			/*!< area access code ('0' for european dialplans) */
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:341:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subscriberprefix[20];			/*!< area access code + area code ('0'+area code for european dialplans) */
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:342:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char unknownprefix[20];				/*!< for unknown dialplans */
data/asterisk-16.15.0~dfsg/channels/sig_ss7.h:343:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char networkroutedprefix[20];
data/asterisk-16.15.0~dfsg/channels/sip/config_parser.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256] = "";
data/asterisk-16.15.0~dfsg/channels/sip/config_parser.c:270:72:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	reg->refresh = reg->expiry = reg->configured_expiry = (host1.expiry ? atoi(ast_strip_quoted(host1.expiry, "\"", "\"")) : default_expiry);
data/asterisk-16.15.0~dfsg/channels/sip/dialplan_functions.c:248:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char quality_buf[AST_MAX_USER_FIELD];
data/asterisk-16.15.0~dfsg/channels/sip/dialplan_functions.c:355:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(stats, s, sizeof(*stats));
data/asterisk-16.15.0~dfsg/channels/sip/dialplan_functions.c:459:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char cmpstr[256];
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:715:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[MAXHOSTNAMELEN];      /*!< DNS name of domain/host or IP */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:763:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char regcontext[AST_MAX_CONTEXT];  /*!< Context for auto-extensions */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:764:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char messagecontext[AST_MAX_CONTEXT];  /*!< Default context for out of dialog msgs. */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:772:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char realm[MAXHOSTNAMELEN]; /*!< Default realm */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:775:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char default_context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:776:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char default_subscribecontext[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:777:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char default_record_on_feature[AST_FEATURE_MAX_LEN];
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:778:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char default_record_off_feature[AST_FEATURE_MAX_LEN];
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:882:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char domain[MAXHOSTNAMELEN];       /*!< SIP domain we are responsible for */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:883:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_EXTENSION];   /*!< Incoming context for this domain */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:891:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char event[0];	/* actually more, depending on needs */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:897:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char realm[AST_MAX_EXTENSION];  /*!< Realm in which these credentials are valid */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:898:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char username[256];             /*!< Username */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:899:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char secret[256];               /*!< Secret */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:900:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char md5secret[256];            /*!< MD5Secret */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:991:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:1057:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char via[128];                          /*!< Via: header */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:1109:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zone[MAX_TONEZONE_COUNTRY];      /*!< Default tone zone for channels created by this dialog */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:1138:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lastmsg[256];                  /*!< Last Message sent/received */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:1260:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[1];
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:1267:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];                          /*!< the unique name of this object */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:1425:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lastmsg[256];      /*!< Last Message sent/received */
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:1648:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char entity_tag[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:1654:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char destination[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:1661:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char body[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:1735:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char entity_tag[30];
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:1777:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char original_callid[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:1784:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char original_exten[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:1795:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char notify_uri[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/sip/include/sip.h:1802:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subscribe_uri[SIPBUFSIZE];
data/asterisk-16.15.0~dfsg/channels/sip/reqresp_parser.c:263:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[1024];
data/asterisk-16.15.0~dfsg/channels/sip/reqresp_parser.c:832:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dname[40];
data/asterisk-16.15.0~dfsg/channels/sip/reqresp_parser.c:907:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char header[256];
data/asterisk-16.15.0~dfsg/channels/sip/reqresp_parser.c:908:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_name[256];
data/asterisk-16.15.0~dfsg/channels/sip/reqresp_parser.c:1267:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/channels/sip/reqresp_parser.c:1310:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[1024];
data/asterisk-16.15.0~dfsg/channels/sip/reqresp_parser.c:1537:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char contactheader[1024];
data/asterisk-16.15.0~dfsg/channels/sip/reqresp_parser.c:1771:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char unsupported[64];
data/asterisk-16.15.0~dfsg/channels/sip/route.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[0];
data/asterisk-16.15.0~dfsg/channels/sip/security_events.c:45:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char session_id[32];
data/asterisk-16.15.0~dfsg/channels/sip/security_events.c:70:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char session_id[32];
data/asterisk-16.15.0~dfsg/channels/sip/security_events.c:96:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char session_id[32];
data/asterisk-16.15.0~dfsg/channels/sip/security_events.c:125:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char session_id[32];
data/asterisk-16.15.0~dfsg/channels/sip/security_events.c:151:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char session_id[32];
data/asterisk-16.15.0~dfsg/channels/sip/security_events.c:176:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char session_id[32];
data/asterisk-16.15.0~dfsg/channels/sip/security_events.c:177:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char account_id[256];
data/asterisk-16.15.0~dfsg/channels/sip/security_events.c:212:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char session_id[32];
data/asterisk-16.15.0~dfsg/channels/sip/security_events.c:213:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char account_id[256];
data/asterisk-16.15.0~dfsg/channels/sip/security_events.c:246:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char session_id[32];
data/asterisk-16.15.0~dfsg/channels/sip/security_events.c:282:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char aclname[256];
data/asterisk-16.15.0~dfsg/channels/vcodecs.c:202:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[80];
data/asterisk-16.15.0~dfsg/channels/vcodecs.c:212:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(buf, "%04x: ", (unsigned)i);
data/asterisk-16.15.0~dfsg/channels/vcodecs.c:214:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf + 6 + x*3, "%02hhx ", b->data[i]);
data/asterisk-16.15.0~dfsg/channels/vcodecs.c:246:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(data+head, start, len);
data/asterisk-16.15.0~dfsg/channels/vcodecs.c:318:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, len);
data/asterisk-16.15.0~dfsg/channels/vgrabbers.c:213:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(dev, O_RDONLY | O_NONBLOCK);
data/asterisk-16.15.0~dfsg/codecs/codec_a_mu.c:40:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char mu2a[256];
data/asterisk-16.15.0~dfsg/codecs/codec_a_mu.c:41:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char a2mu[256];
data/asterisk-16.15.0~dfsg/codecs/codec_adpcm.c:250:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&tmp->inbuf[pvt->samples], f->data.ptr, f->datalen);
data/asterisk-16.15.0~dfsg/codecs/codec_amr.c:93:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(apvt->buf + pvt->samples, f->data.ptr, f->datalen);
data/asterisk-16.15.0~dfsg/codecs/codec_amr.c:196:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char temp[f->datalen];
data/asterisk-16.15.0~dfsg/codecs/codec_codec2.c:98:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp->buf + pvt->samples, f->data.ptr, f->datalen);
data/asterisk-16.15.0~dfsg/codecs/codec_dahdi.c:398:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&dahdip->ulaw_buffer[dahdip->samples_in_buffer], f->data.ptr, f->samples);
data/asterisk-16.15.0~dfsg/codecs/codec_dahdi.c:619:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(dev_filename, O_RDWR)) < 0) {
data/asterisk-16.15.0~dfsg/codecs/codec_dahdi.c:730:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&zt->t.src_codec, src_codec, sizeof(*src_codec));
data/asterisk-16.15.0~dfsg/codecs/codec_dahdi.c:731:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&zt->t.dst_codec, dst_codec, sizeof(*dst_codec));
data/asterisk-16.15.0~dfsg/codecs/codec_dahdi.c:812:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open("/dev/dahdi/transcode", O_RDWR)) < 0) {
data/asterisk-16.15.0~dfsg/codecs/codec_gsm.c:82:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char data[2 * GSM_FRAME_LEN];
data/asterisk-16.15.0~dfsg/codecs/codec_gsm.c:132:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp->buf + pvt->samples, f->data.ptr, f->datalen);
data/asterisk-16.15.0~dfsg/codecs/codec_ilbc.c:158:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp->buf + pvt->samples, f->data.ptr, f->datalen);
data/asterisk-16.15.0~dfsg/codecs/codec_lpc10.c:154:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp->buf + pvt->samples, f->data.ptr, f->datalen);
data/asterisk-16.15.0~dfsg/codecs/codec_resample.c:170:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&translators[idx].src_codec, &codec_list[x], sizeof(struct ast_codec));
data/asterisk-16.15.0~dfsg/codecs/codec_resample.c:171:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&translators[idx].dst_codec, &codec_list[y], sizeof(struct ast_codec));
data/asterisk-16.15.0~dfsg/codecs/codec_speex.c:267:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp->buf + pvt->samples, f->data.ptr, f->datalen);
data/asterisk-16.15.0~dfsg/codecs/codec_speex.c:598:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			res = abs(atoi(var->value));
data/asterisk-16.15.0~dfsg/codecs/codec_speex.c:605:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			res = abs(atoi(var->value));
data/asterisk-16.15.0~dfsg/codecs/codec_speex.c:626:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			res = abs(atoi(var->value));
data/asterisk-16.15.0~dfsg/codecs/gsm/src/add.c:98:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char const bitoff[ 256 ] = {
data/asterisk-16.15.0~dfsg/codecs/gsm/src/code.c:15:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	extern char	* memcpy P((char *, char *, int));
data/asterisk-16.15.0~dfsg/codecs/gsm/src/code.c:96:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	(void)memcpy( (char *)S->dp0, (char *)(S->dp0 + 160),
data/asterisk-16.15.0~dfsg/contrib/utils/eagi_proxy.c:66:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[BUFSIZE];
data/asterisk-16.15.0~dfsg/contrib/utils/eagi_proxy.c:69:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char window[WINSIZE];
data/asterisk-16.15.0~dfsg/contrib/utils/eagi_proxy.c:351:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(be,buf,end-be);/* copy to higher end */
data/asterisk-16.15.0~dfsg/contrib/utils/eagi_proxy.c:357:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(be,buf,size);/* copy to higher end */
data/asterisk-16.15.0~dfsg/contrib/utils/eagi_proxy.c:375:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(be,buf,size);/* copy the new data between end and start */
data/asterisk-16.15.0~dfsg/contrib/utils/rawplayer.c:21:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(path,O_RDONLY))) {
data/asterisk-16.15.0~dfsg/formats/format_gsm.c:74:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char gsm[2*GSM_FRAME_SIZE];
data/asterisk-16.15.0~dfsg/formats/format_ogg_speex.c:238:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(fs->fr.data.ptr, s->op.packet, s->op.bytes);
data/asterisk-16.15.0~dfsg/formats/format_pcm.c:42:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ulaw_silence[BUF_SIZE];
data/asterisk-16.15.0~dfsg/formats/format_pcm.c:43:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char alaw_silence[BUF_SIZE];
data/asterisk-16.15.0~dfsg/formats/format_pcm.c:200:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[1024];
data/asterisk-16.15.0~dfsg/formats/format_wav.c:170:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[4];
data/asterisk-16.15.0~dfsg/formats/format_wav_gsm.c:421:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char msdata[MSGSM_FRAME_SIZE];
data/asterisk-16.15.0~dfsg/formats/format_wav_gsm.c:457:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char *src, msdata[MSGSM_FRAME_SIZE];
data/asterisk-16.15.0~dfsg/formats/format_wav_gsm.c:459:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(s->buf + GSM_FRAME_SIZE, f->data.ptr + len, GSM_FRAME_SIZE);
data/asterisk-16.15.0~dfsg/formats/format_wav_gsm.c:464:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(s->buf, f->data.ptr + len, GSM_FRAME_SIZE);
data/asterisk-16.15.0~dfsg/funcs/func_aes.c:89:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char curblock[AES_BLOCK_SIZE] = { 0, };
data/asterisk-16.15.0~dfsg/funcs/func_aes.c:137:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(curblock, tmpP, (data_len < AES_BLOCK_SIZE) ? data_len : AES_BLOCK_SIZE);
data/asterisk-16.15.0~dfsg/funcs/func_aes.c:150:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf, tmp, len);
data/asterisk-16.15.0~dfsg/funcs/func_blacklist.c:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char blacklist[1];
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:658:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		name->valid = atoi(value) ? 1 : 0;
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:666:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			char_set = atoi(val);
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:686:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			pres = atoi(val);
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:732:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		number->valid = atoi(value) ? 1 : 0;
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:738:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			number->plan = atoi(val);
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:752:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			pres = atoi(val);
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:796:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		subaddress->valid = atoi(value) ? 1 : 0;
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:798:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		subaddress->type = atoi(value) ? 2 : 0;
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:800:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		subaddress->odd_even_indicator = atoi(value) ? 1 : 0;
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:835:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char name[256];
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:836:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char num[256];
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:875:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			pres = atoi(val);
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:1008:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char name[80];
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:1009:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char num[80];
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:1188:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					ast_channel_dialed(chan)->number.plan = atoi(val);
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:1222:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ast_channel_caller(chan)->ani2 = atoi(val);
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:1365:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opt_args[CONNECTED_LINE_OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:1410:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			source = atoi(val);
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:1607:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opt_args[REDIRECTING_OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:1652:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				reason = atoi(val);
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:1719:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			pres = atoi(val);
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:1741:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			reason = atoi(val);
data/asterisk-16.15.0~dfsg/funcs/func_callerid.c:1764:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			redirecting.count = atoi(val);
data/asterisk-16.15.0~dfsg/funcs/func_cdr.c:226:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tempbuf[128];
data/asterisk-16.15.0~dfsg/funcs/func_cdr.c:255:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tempbuf[512];
data/asterisk-16.15.0~dfsg/funcs/func_channel.c:284:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const transfercapability_table[0x20] = {
data/asterisk-16.15.0~dfsg/funcs/func_channel.c:412:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char groupbuf[256];
data/asterisk-16.15.0~dfsg/funcs/func_channel.c:416:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char groupbuf[256];
data/asterisk-16.15.0~dfsg/funcs/func_config.c:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[0];
data/asterisk-16.15.0~dfsg/funcs/func_curl.c:374:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			long tmp = atol(value);
data/asterisk-16.15.0~dfsg/funcs/func_curl.c:677:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char curl_errbuf[CURL_ERROR_SIZE + 1]; /* add one to be safe */
data/asterisk-16.15.0~dfsg/funcs/func_curl.c:707:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				AST_VECTOR_APPEND(&hasfailurecode, atoi(found));
data/asterisk-16.15.0~dfsg/funcs/func_curl.c:730:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						AST_VECTOR_APPEND(&hasfailurecode, atoi(found));
data/asterisk-16.15.0~dfsg/funcs/func_curl.c:877:33:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	curl_params.cb_data.out_file = fopen(args.file_path, "w");
data/asterisk-16.15.0~dfsg/funcs/func_cut.c:155:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *parse, ds[2], *var_expr;
data/asterisk-16.15.0~dfsg/funcs/func_db.c:326:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/asterisk-16.15.0~dfsg/funcs/func_devstate.c:186:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256] = "";
data/asterisk-16.15.0~dfsg/funcs/func_dialgroup.c:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/funcs/func_dialgroup.c:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/funcs/func_dialgroup.c:301:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char groupname[AST_MAX_EXTENSION], *ptr;
data/asterisk-16.15.0~dfsg/funcs/func_dialplan.c:156:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		priority_int = atoi(args.priority);
data/asterisk-16.15.0~dfsg/funcs/func_enum.c:166:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tech[80];
data/asterisk-16.15.0~dfsg/funcs/func_enum.c:167:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[256] = "", tmp[2] = "", num[AST_MAX_EXTENSION] = "";
data/asterisk-16.15.0~dfsg/funcs/func_enum.c:198:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		record = atoi(args.record) ? atoi(args.record) : record;
data/asterisk-16.15.0~dfsg/funcs/func_enum.c:198:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		record = atoi(args.record) ? atoi(args.record) : record;
data/asterisk-16.15.0~dfsg/funcs/func_enum.c:256:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *parse, tech[128], dest[128];
data/asterisk-16.15.0~dfsg/funcs/func_env.c:328:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fbuf[4096];
data/asterisk-16.15.0~dfsg/funcs/func_env.c:331:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(ff = fopen(filename, "r"))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:442:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fbuf[4096];
data/asterisk-16.15.0~dfsg/funcs/func_env.c:446:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(ff = fopen(filename, "r"))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:491:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fbuf[4096];
data/asterisk-16.15.0~dfsg/funcs/func_env.c:516:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (!(ff = fopen(args.filename, "r"))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:596:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(ff = fopen(args.filename, "r"))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:776:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			if (!(ff = fopen(args.filename, "a"))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:786:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			if (!(ff = fopen(args.filename, "w"))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:797:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (!(ff = fopen(args.filename, "r+"))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:848:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char fbuf[4096];
data/asterisk-16.15.0~dfsg/funcs/func_env.c:874:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char fbuf[4096];
data/asterisk-16.15.0~dfsg/funcs/func_env.c:954:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			if (!(ff = fopen(args.filename, "a"))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:967:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			if (!(ff = fopen(args.filename, "w"))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:994:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			if (!(ff = fopen(args.filename, "r+"))) {
data/asterisk-16.15.0~dfsg/funcs/func_groupcount.c:103:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char group[80] = "", category[80] = "";
data/asterisk-16.15.0~dfsg/funcs/func_groupcount.c:152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char group[80] = "";
data/asterisk-16.15.0~dfsg/funcs/func_groupcount.c:153:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char category[80] = "";
data/asterisk-16.15.0~dfsg/funcs/func_groupcount.c:210:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char grpcat[256];
data/asterisk-16.15.0~dfsg/funcs/func_groupcount.c:244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp1[1024] = "";
data/asterisk-16.15.0~dfsg/funcs/func_groupcount.c:245:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp2[1024] = "";
data/asterisk-16.15.0~dfsg/funcs/func_lock.c:132:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char readhandle[5][30];
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char writehandle[5][30];
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:136:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[0];
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char names[0];
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:153:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:471:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			unsigned char state[10], diagnostic[256];
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:512:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *t, varname[15];
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:717:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char varname[15], rowcount[12] = "-1";
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:922:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char colname[256];
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:1409:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *char_args, varname[15];
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:1505:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char colname[256];
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:1625:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *char_args, *char_values, varname[15];
data/asterisk-16.15.0~dfsg/funcs/func_periodic_hook.c:299:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uid[32];
data/asterisk-16.15.0~dfsg/funcs/func_periodic_hook.c:500:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char args[AST_MAX_EXTENSION + AST_MAX_CONTEXT + 32];
data/asterisk-16.15.0~dfsg/funcs/func_pjsip_contact.c:128:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char aor_name[aor_name_len + 1];
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:234:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char decoded_subtype[256] = { 0, };
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:235:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char decoded_message[256] = { 0, };
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:250:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1301] = "";
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:265:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[1301];
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:328:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char state_info[1301];
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:713:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pres[1301];
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:744:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char out_state[32];
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:745:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char out_subtype[32];
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:746:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char out_message[32];
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:782:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char out_state[32];
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:783:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char out_subtype[32];
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:784:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char out_message[32];
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:785:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char encoded_subtype[64];
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:786:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char encoded_message[64];
data/asterisk-16.15.0~dfsg/funcs/func_realtime.c:367:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char storeid[32];
data/asterisk-16.15.0~dfsg/funcs/func_shell.c:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char plbuff[4096];
data/asterisk-16.15.0~dfsg/funcs/func_speex.c:146:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char source[80];
data/asterisk-16.15.0~dfsg/funcs/func_sprintf.c:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char formatbuf[256] = "";
data/asterisk-16.15.0~dfsg/funcs/func_srv.c:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[1];
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:450:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char delim[2] = "";
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:514:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char delim[2] = "";
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:718:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char allowed[256] = "";
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:799:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char find[256]; /* Only 256 characters possible */
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:800:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char replace[2] = "";
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:915:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		|| (max_matches = atoi(args.max_replacements)) <= 0) {
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1011:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[80];
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1176:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char varname[256];
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1204:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char varname[256];
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1220:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char colnames[4096];
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1571:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *after, delimiter[2] = ",", *varsubst;
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1631:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char delimiter[2] = ",", *varsubst;
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1709:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char expression[256];
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1781:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char expression[256];
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1870:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[256], tmp2[256] = "";
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1923:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[512], tmp2[512] = "";
data/asterisk-16.15.0~dfsg/funcs/func_timeout.c:126:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timestr[64];
data/asterisk-16.15.0~dfsg/include/asterisk.h:57:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define	open(a,...)	__ast_fdleak_open(__FILE__,__LINE__,__PRETTY_FUNCTION__, a, __VA_ARGS__)
data/asterisk-16.15.0~dfsg/include/asterisk.h:63:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define	fopen(a,b)	__ast_fdleak_fopen(a, b, __FILE__,__LINE__,__PRETTY_FUNCTION__)
data/asterisk-16.15.0~dfsg/include/asterisk/abstract_jb.h:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char impl[AST_JB_IMPL_NAME_SIZE];
data/asterisk-16.15.0~dfsg/include/asterisk/abstract_jb.h:123:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[AST_JB_IMPL_NAME_SIZE];
data/asterisk-16.15.0~dfsg/include/asterisk/acl.h:71:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[ACL_NAME_LENGTH];     /*!< If this was retrieved from the named ACL subsystem, this is the name of the ACL. */
data/asterisk-16.15.0~dfsg/include/asterisk/agi.h:43:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char * const cmda[AST_MAX_CMD_LEN];		/*!< Null terminated list of the words of the command */
data/asterisk-16.15.0~dfsg/include/asterisk/alaw.h:41:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern unsigned char __ast_lin2a[8192];
data/asterisk-16.15.0~dfsg/include/asterisk/alaw.h:43:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern unsigned char __ast_lin2a[AST_ALAW_TAB_SIZE];
data/asterisk-16.15.0~dfsg/include/asterisk/aoc.h:114:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char currency_name[AOC_CURRENCY_NAME_SIZE];
data/asterisk-16.15.0~dfsg/include/asterisk/aoc.h:135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char currency_name[AOC_CURRENCY_NAME_SIZE];
data/asterisk-16.15.0~dfsg/include/asterisk/aoc.h:142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char currency_name[AOC_CURRENCY_NAME_SIZE];
data/asterisk-16.15.0~dfsg/include/asterisk/aoc.h:192:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char number[32];
data/asterisk-16.15.0~dfsg/include/asterisk/app.h:1239:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char *argv[sizeof(struct {arglist}) / sizeof(char *)]; \
data/asterisk-16.15.0~dfsg/include/asterisk/astdb.h:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[0];
data/asterisk-16.15.0~dfsg/include/asterisk/astmm.h:306:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy (__new, __old, __len);                             \
data/asterisk-16.15.0~dfsg/include/asterisk/bridge_channel.h:175:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char collected[MAXIMUM_DTMF_FEATURE_STRING];
data/asterisk-16.15.0~dfsg/include/asterisk/bridge_features.h:222:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char code[MAXIMUM_DTMF_FEATURE_STRING];
data/asterisk-16.15.0~dfsg/include/asterisk/bridge_features.h:289:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/include/asterisk/bridge_features.h:297:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/include/asterisk/bridge_features.h:299:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char abort[MAXIMUM_DTMF_FEATURE_STRING];
data/asterisk-16.15.0~dfsg/include/asterisk/bridge_features.h:301:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char threeway[MAXIMUM_DTMF_FEATURE_STRING];
data/asterisk-16.15.0~dfsg/include/asterisk/bridge_features.h:303:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char complete[MAXIMUM_DTMF_FEATURE_STRING];
data/asterisk-16.15.0~dfsg/include/asterisk/bridge_features.h:305:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char swap[MAXIMUM_DTMF_FEATURE_STRING];
data/asterisk-16.15.0~dfsg/include/asterisk/bucket.h:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[0];
data/asterisk-16.15.0~dfsg/include/asterisk/bucket.h:95:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/asterisk-16.15.0~dfsg/include/asterisk/ccss.h:839:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device_name[1];
data/asterisk-16.15.0~dfsg/include/asterisk/ccss.h:875:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device_name[1];
data/asterisk-16.15.0~dfsg/include/asterisk/cdr.h:278:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char clid[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/include/asterisk/cdr.h:280:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char src[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/include/asterisk/cdr.h:282:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dst[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/include/asterisk/cdr.h:284:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dcontext[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/include/asterisk/cdr.h:286:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char channel[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/include/asterisk/cdr.h:288:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dstchannel[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/include/asterisk/cdr.h:290:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lastapp[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/include/asterisk/cdr.h:292:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lastdata[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/include/asterisk/cdr.h:308:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char accountcode[AST_MAX_ACCOUNT_CODE];
data/asterisk-16.15.0~dfsg/include/asterisk/cdr.h:310:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char peeraccount[AST_MAX_ACCOUNT_CODE];
data/asterisk-16.15.0~dfsg/include/asterisk/cdr.h:314:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uniqueid[AST_MAX_UNIQUEID];
data/asterisk-16.15.0~dfsg/include/asterisk/cdr.h:316:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char linkedid[AST_MAX_UNIQUEID];
data/asterisk-16.15.0~dfsg/include/asterisk/cdr.h:318:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char userfield[AST_MAX_USER_FIELD];
data/asterisk-16.15.0~dfsg/include/asterisk/channel.h:870:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char args[0];
data/asterisk-16.15.0~dfsg/include/asterisk/channel.h:4114:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char read_filename[FILENAME_MAX];
data/asterisk-16.15.0~dfsg/include/asterisk/channel.h:4115:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char write_filename[FILENAME_MAX];
data/asterisk-16.15.0~dfsg/include/asterisk/channel.h:4116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename_base[FILENAME_MAX];
data/asterisk-16.15.0~dfsg/include/asterisk/channel.h:4117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char beep_id[64];
data/asterisk-16.15.0~dfsg/include/asterisk/chanvars.h:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/include/asterisk/cli.h:172:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char * const cmda[AST_MAX_CMD_LEN];	/*!< words making up the command.
data/asterisk-16.15.0~dfsg/include/asterisk/config.h:106:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/include/asterisk/core_unreal.h:99:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[AST_MAX_EXTENSION + AST_MAX_CONTEXT + 2];
data/asterisk-16.15.0~dfsg/include/asterisk/dns_internal.h:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[0];
data/asterisk-16.15.0~dfsg/include/asterisk/dns_internal.h:70:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[0];
data/asterisk-16.15.0~dfsg/include/asterisk/dns_internal.h:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[0];
data/asterisk-16.15.0~dfsg/include/asterisk/dns_internal.h:113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[0];
data/asterisk-16.15.0~dfsg/include/asterisk/dns_internal.h:133:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[0];
data/asterisk-16.15.0~dfsg/include/asterisk/dns_internal.h:153:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/include/asterisk/dns_internal.h:173:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:41:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char ies[0];
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:47:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char iedata[0];
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:98:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char iv[16];			/*!< Initialization vector of random data */
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:99:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char encdata[0];		/*!< Encrypted / compressed data */
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:107:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[0];			/*!< Protocol specific URI */
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:112:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[0];			/*!< For data for hint */
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:136:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char desc[0];				/*!< Textual description */
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:231:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:232:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tech[10];
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:233:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[256];
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:237:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char country[80];
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:238:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stateprov[80];
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:239:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char locality[80];
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char org[80];
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:241:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char orgunit[80];
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:242:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char email[80];
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:243:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char phone[80];
data/asterisk-16.15.0~dfsg/include/asterisk/dundi.h:244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipaddr[80];
data/asterisk-16.15.0~dfsg/include/asterisk/extconf.h:39:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmt[0];
data/asterisk-16.15.0~dfsg/include/asterisk/extconf.h:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/include/asterisk/extconf.h:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];
data/asterisk-16.15.0~dfsg/include/asterisk/extconf.h:89:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];				/*!< Name of the application */
data/asterisk-16.15.0~dfsg/include/asterisk/extconf.h:111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/include/asterisk/extconf.h:130:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/include/asterisk/extconf.h:141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/include/asterisk/extconf.h:148:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char pattern[0];
data/asterisk-16.15.0~dfsg/include/asterisk/extconf.h:161:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];				/*!< Name of the context */
data/asterisk-16.15.0~dfsg/include/asterisk/extconf.h:237:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *incstack[AST_PBX_MAX_STACK];      /* filled during the search */
data/asterisk-16.15.0~dfsg/include/asterisk/features_config.h:248:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmf[AST_FEATURE_MAX_LEN];
data/asterisk-16.15.0~dfsg/include/asterisk/frame.h:179:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	union { void *ptr; uint32_t uint32; char pad[8]; } data;
data/asterisk-16.15.0~dfsg/include/asterisk/frame.h:363:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char payload[0];
data/asterisk-16.15.0~dfsg/include/asterisk/frame.h:410:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char chan_name[AST_CHANNEL_NAME];	/*!< Name of the channel that originated the cause information */
data/asterisk-16.15.0~dfsg/include/asterisk/frame.h:413:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char code[1];				/*!< Tech-specific cause code information, beginning with the name of the tech */
data/asterisk-16.15.0~dfsg/include/asterisk/indications.h:76:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char country[MAX_TONEZONE_COUNTRY];
data/asterisk-16.15.0~dfsg/include/asterisk/indications.h:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char description[40];
data/asterisk-16.15.0~dfsg/include/asterisk/json.h:837:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char text[AST_JSON_ERROR_TEXT_LENGTH];
data/asterisk-16.15.0~dfsg/include/asterisk/json.h:839:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char source[AST_JSON_ERROR_TEXT_LENGTH];
data/asterisk-16.15.0~dfsg/include/asterisk/lock.h:112:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *file[AST_MAX_REENTRANCY];
data/asterisk-16.15.0~dfsg/include/asterisk/lock.h:115:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *func[AST_MAX_REENTRANCY];
data/asterisk-16.15.0~dfsg/include/asterisk/lock.h:332:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char __filename[80], __func[80], __mutex_name[80]; \
data/asterisk-16.15.0~dfsg/include/asterisk/lock.h:354:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char __filename[80], __func[80], __mutex_name[80]; \
data/asterisk-16.15.0~dfsg/include/asterisk/lock.h:376:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char __filename[80], __func[80], __mutex_name[80]; \
data/asterisk-16.15.0~dfsg/include/asterisk/lock.h:410:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char __filename[80], __func[80], __mutex_name[80]; \
data/asterisk-16.15.0~dfsg/include/asterisk/manager.h:146:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *headers[AST_MAX_MANHEADERS];
data/asterisk-16.15.0~dfsg/include/asterisk/md5.h:30:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char in[64] __attribute__((aligned(__alignof__(uint32_t))));
data/asterisk-16.15.0~dfsg/include/asterisk/md5.h:36:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void MD5Final(unsigned char digest[16], struct MD5Context *context);
data/asterisk-16.15.0~dfsg/include/asterisk/mod_format.h:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];		/*!< Name of format */
data/asterisk-16.15.0~dfsg/include/asterisk/mod_format.h:45:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exts[80];		/*!< Extensions (separated by | if more than one)
data/asterisk-16.15.0~dfsg/include/asterisk/mod_format.h:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mime_types[80]; /*!< MIME Types related to the format (separated by | if more than one)*/
data/asterisk-16.15.0~dfsg/include/asterisk/mod_format.h:56:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int (*open)(struct ast_filestream *s);
data/asterisk-16.15.0~dfsg/include/asterisk/module.h:363:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char buildopt_sum[33];
data/asterisk-16.15.0~dfsg/include/asterisk/netsock2.h:157:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, len);
data/asterisk-16.15.0~dfsg/include/asterisk/netsock2.h:174:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, src->len);
data/asterisk-16.15.0~dfsg/include/asterisk/options.h:203:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char record_cache_dir[AST_CACHE_DIR_LEN];
data/asterisk-16.15.0~dfsg/include/asterisk/pbx.h:99:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device_name[1];
data/asterisk-16.15.0~dfsg/include/asterisk/pbx.h:1624:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *incstack[AST_PBX_MAX_STACK];      /* filled during the search */
data/asterisk-16.15.0~dfsg/include/asterisk/res_fax.h:104:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[0];
data/asterisk-16.15.0~dfsg/include/asterisk/res_odbc.h:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file[80];
data/asterisk-16.15.0~dfsg/include/asterisk/res_odbc.h:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char function[80];
data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip.h:335:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip.h:552:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip_body_generator_types.h:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char local[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip_body_generator_types.h:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remote[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip_body_generator_types.h:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char message_account[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip_pubsub.h:320:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *accept[AST_SIP_MAX_ACCEPT];
data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip_session.h:113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mslabel[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip_session.h:115:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char label[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/include/asterisk/res_pjsip_session.h:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/include/asterisk/rtp_engine.h:426:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char channel_uniqueid[MAX_CHANNEL_ID];
data/asterisk-16.15.0~dfsg/include/asterisk/sched.h:191:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *list[10];
data/asterisk-16.15.0~dfsg/include/asterisk/sha1.h:215:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char k_opad[USHA_Max_Message_Block_Size];
data/asterisk-16.15.0~dfsg/include/asterisk/sha1.h:230:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char prk[USHAMaxHashSize];
data/asterisk-16.15.0~dfsg/include/asterisk/sha1.h:327:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern int hkdf(SHAversion whichSha, const unsigned char *salt,
data/asterisk-16.15.0~dfsg/include/asterisk/sha1.h:328:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                int salt_len, const unsigned char *ikm, int ikm_len,
data/asterisk-16.15.0~dfsg/include/asterisk/sha1.h:329:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                const unsigned char *info, int info_len,
data/asterisk-16.15.0~dfsg/include/asterisk/sha1.h:331:60:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern int hkdfExtract(SHAversion whichSha, const unsigned char *salt,
data/asterisk-16.15.0~dfsg/include/asterisk/sha1.h:332:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       int salt_len, const unsigned char *ikm,
data/asterisk-16.15.0~dfsg/include/asterisk/sha1.h:335:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      int prk_len, const unsigned char *info,
data/asterisk-16.15.0~dfsg/include/asterisk/sha1.h:351:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char *info, int info_len,
data/asterisk-16.15.0~dfsg/include/asterisk/smdi.h:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[SMDI_MESG_NAME_LEN];
data/asterisk-16.15.0~dfsg/include/asterisk/smdi.h:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fwd_st[SMDI_MAX_STATION_NUM_LEN + 1];		/* forwarding station number */
data/asterisk-16.15.0~dfsg/include/asterisk/smdi.h:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cause[SMDI_MWI_FAIL_CAUSE_LEN + 1];		/* the type of failure */
data/asterisk-16.15.0~dfsg/include/asterisk/smdi.h:66:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[SMDI_MESG_NAME_LEN];
data/asterisk-16.15.0~dfsg/include/asterisk/smdi.h:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mesg_desk_num[SMDI_MESG_DESK_NUM_LEN + 1];		/* message desk number */
data/asterisk-16.15.0~dfsg/include/asterisk/smdi.h:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mesg_desk_term[SMDI_MESG_DESK_TERM_LEN + 1];	/* message desk terminal */
data/asterisk-16.15.0~dfsg/include/asterisk/smdi.h:69:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fwd_st[SMDI_MAX_STATION_NUM_LEN + 1];		/* forwarding station number */
data/asterisk-16.15.0~dfsg/include/asterisk/smdi.h:70:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char calling_st[SMDI_MAX_STATION_NUM_LEN + 1];		/* calling station number */
data/asterisk-16.15.0~dfsg/include/asterisk/sorcery.h:284:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	void *(*open)(const char *data);
data/asterisk-16.15.0~dfsg/include/asterisk/stasis.h:905:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char description[0];        /*!< The description of the change to the subscription associated with the uniqueid */
data/asterisk-16.15.0~dfsg/include/asterisk/stasis_bridges.h:321:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/include/asterisk/stasis_bridges.h:323:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/include/asterisk/stasis_bridges.h:400:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char bridge[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/include/asterisk/stasis_bridges.h:402:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char app[AST_MAX_APP];
data/asterisk-16.15.0~dfsg/include/asterisk/stream.h:88:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char *ast_stream_state_map[AST_STREAM_STATE_END];
data/asterisk-16.15.0~dfsg/include/asterisk/stringfields.h:213:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char base[0] __attribute__((aligned(__alignof__(ast_string_field_allocation)))); /*!< storage space for the fields */
data/asterisk-16.15.0~dfsg/include/asterisk/stringfields.h:496:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(* (void **) __p__, __d__, __dlen__);                                            \
data/asterisk-16.15.0~dfsg/include/asterisk/strings.h:591:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char __AST_STR_STR[0];			/*!< The string buffer */
data/asterisk-16.15.0~dfsg/include/asterisk/strings.h:794:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((*dst)->__AST_STR_STR, src->__AST_STR_STR, src->__AST_STR_USED + 1);
data/asterisk-16.15.0~dfsg/include/asterisk/tcptls.h:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char certhash[41];
data/asterisk-16.15.0~dfsg/include/asterisk/tcptls.h:97:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pvthash[41];
data/asterisk-16.15.0~dfsg/include/asterisk/tcptls.h:98:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cahash[41];
data/asterisk-16.15.0~dfsg/include/asterisk/tcptls.h:133:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostname[MAXHOSTNAMELEN]; /*!< only necessary for SSL clients so we can compare to common name */
data/asterisk-16.15.0~dfsg/include/asterisk/translate.h:138:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];                         /*!< Name of translator */
data/asterisk-16.15.0~dfsg/include/asterisk/ulaw.h:39:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern unsigned char __ast_lin2mu[16384];
data/asterisk-16.15.0~dfsg/include/asterisk/ulaw.h:41:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern unsigned char __ast_lin2mu[AST_ULAW_TAB_SIZE];
data/asterisk-16.15.0~dfsg/include/asterisk/utils.h:210:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/include/asterisk/utils.h:727:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char eid[6];
data/asterisk-16.15.0~dfsg/include/asterisk/vector.h:232:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(new_elems, (vec)->elems,				\
data/asterisk-16.15.0~dfsg/include/asterisk/xmpp.h:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char node[200];        /*!< Node string from the capabilities stanza in presence notification */
data/asterisk-16.15.0~dfsg/include/asterisk/xmpp.h:86:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char version[50];      /*!< Version string from the capabilities stanza in presence notification */
data/asterisk-16.15.0~dfsg/include/asterisk/xmpp.h:93:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char resource[XMPP_MAX_RESJIDLEN]; /*!< JID of the resource */
data/asterisk-16.15.0~dfsg/include/asterisk/xmpp.h:104:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[25];                           /*!< Identifier for the message */
data/asterisk-16.15.0~dfsg/include/asterisk/xmpp.h:113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[XMPP_MAX_JIDLEN];        /*!< JID of the buddy */
data/asterisk-16.15.0~dfsg/include/asterisk/xmpp.h:125:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mid[6];
data/asterisk-16.15.0~dfsg/main/abstract_jb.c:195:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&jb0->timebase, &jb1->timebase, sizeof(struct timeval));
data/asterisk-16.15.0~dfsg/main/abstract_jb.c:214:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&jb1->timebase, &jb0->timebase, sizeof(struct timeval));
data/asterisk-16.15.0~dfsg/main/abstract_jb.c:420:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char logfile_pathname[20 + AST_JB_IMPL_NAME_SIZE + 2*AST_CHANNEL_NAME + 1];
data/asterisk-16.15.0~dfsg/main/abstract_jb.c:421:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name1[AST_CHANNEL_NAME], name2[AST_CHANNEL_NAME], *tmp;
data/asterisk-16.15.0~dfsg/main/abstract_jb.c:452:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char safe_logfile[30] = "/tmp/logfile-XXXXXX";
data/asterisk-16.15.0~dfsg/main/abstract_jb.c:471:13:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
		safe_fd = mkstemp(safe_logfile);
data/asterisk-16.15.0~dfsg/main/abstract_jb.c:562:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if ((tmp = atoi(value)) > 0)
data/asterisk-16.15.0~dfsg/main/abstract_jb.c:565:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if ((tmp = atoi(value)) > 0)
data/asterisk-16.15.0~dfsg/main/abstract_jb.c:595:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ast_channel_jb(chan)->conf, conf, sizeof(*conf));
data/asterisk-16.15.0~dfsg/main/abstract_jb.c:601:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(conf, &ast_channel_jb((struct ast_channel *) chan)->conf, sizeof(*conf));
data/asterisk-16.15.0~dfsg/main/abstract_jb.c:1222:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&framedata->jb_conf, jb_conf, sizeof(*jb_conf));
data/asterisk-16.15.0~dfsg/main/acl.c:114:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(best_addr, &sin->sin_addr, sizeof(*best_addr));
data/asterisk-16.15.0~dfsg/main/acl.c:423:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&addr->ss, &sin6, sizeof(sin6));
data/asterisk-16.15.0~dfsg/main/acl.c:820:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char iabuf[INET_ADDRSTRLEN];
data/asterisk-16.15.0~dfsg/main/acl.c:821:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char iabuf2[INET_ADDRSTRLEN];
data/asterisk-16.15.0~dfsg/main/acl.c:899:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char srv[256];
data/asterisk-16.15.0~dfsg/main/acl.c:900:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[256];
data/asterisk-16.15.0~dfsg/main/acl.c:1054:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ourhost[MAXHOSTNAMELEN] = "";
data/asterisk-16.15.0~dfsg/main/acl.c:1089:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char addr[AST_SOCKADDR_BUFLEN];
data/asterisk-16.15.0~dfsg/main/alaw.c:146:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char __ast_lin2a[8192];
data/asterisk-16.15.0~dfsg/main/alaw.c:148:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char __ast_lin2a[AST_ALAW_TAB_SIZE];
data/asterisk-16.15.0~dfsg/main/aoc.c:201:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[0];
data/asterisk-16.15.0~dfsg/main/aoc.c:214:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char currency_name[AOC_CURRENCY_NAME_SIZE];
data/asterisk-16.15.0~dfsg/main/aoc.c:248:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[0];
data/asterisk-16.15.0~dfsg/main/aoc.c:254:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[AOC_CURRENCY_NAME_SIZE];
data/asterisk-16.15.0~dfsg/main/aoc.c:386:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&ie, data + 2, len);
data/asterisk-16.15.0~dfsg/main/aoc.c:397:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&ie, data + 2, len);
data/asterisk-16.15.0~dfsg/main/aoc.c:406:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&ie, data + 2, len);
data/asterisk-16.15.0~dfsg/main/aoc.c:426:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&ie, data + 2, len);
data/asterisk-16.15.0~dfsg/main/aoc.c:513:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[1024];
data/asterisk-16.15.0~dfsg/main/aoc.c:531:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ied->buf + ied->pos, data, datalen);
data/asterisk-16.15.0~dfsg/main/aoc.c:677:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(encoded->data, ied.buf, ied.pos);
data/asterisk-16.15.0~dfsg/main/aoc.c:1446:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[32];
data/asterisk-16.15.0~dfsg/main/aoc.c:1515:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[32];
data/asterisk-16.15.0~dfsg/main/aoc.c:1564:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[32];
data/asterisk-16.15.0~dfsg/main/app.c:1015:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpf[256];
data/asterisk-16.15.0~dfsg/main/app.c:1031:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(tmpf, O_RDONLY);
data/asterisk-16.15.0~dfsg/main/app.c:1507:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char comment[256];
data/asterisk-16.15.0~dfsg/main/app.c:1510:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *sfmt[AST_MAX_FORMATS];
data/asterisk-16.15.0~dfsg/main/app.c:1519:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prependfile[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/app.c:1935:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/main/app.c:1962:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char group[80] = "", category[80] = "";
data/asterisk-16.15.0~dfsg/main/app.c:2199:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(fs, O_WRONLY | O_CREAT | O_EXCL, AST_FILE_MODE);
data/asterisk-16.15.0~dfsg/main/app.c:2286:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(fs, O_WRONLY | O_CREAT, 0600)) < 0) {
data/asterisk-16.15.0~dfsg/main/app.c:2629:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION] = "s";
data/asterisk-16.15.0~dfsg/main/app.c:2728:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(filename, O_RDONLY)) < 0) {
data/asterisk-16.15.0~dfsg/main/app.c:3039:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char u[10];
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:314:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char extra_error_message[4095];
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:1354:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:1371:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char yyformat[sizeof yyunexpected
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:1782:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2682:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[4096];
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2683:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char out[4096];
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2693:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		infile = fopen(argv[1],"r");
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2771:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char numbuf[30];
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3058:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char workspace[512];
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3126:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[2000];
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3421:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					v1 = atoi(a->u.s);
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3435:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					v1 = atoi(a->u.s);
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3558:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char errbuf[256];
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3609:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char errbuf[256];
data/asterisk-16.15.0~dfsg/main/ast_expr2f.c:2472:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char extra_error_message[4095];
data/asterisk-16.15.0~dfsg/main/ast_expr2f.c:2589:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char spacebuf[8000]; /* best safe than sorry */
data/asterisk-16.15.0~dfsg/main/asterisk.c:351:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *_argv[256];
data/asterisk-16.15.0~dfsg/main/asterisk.c:384:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char canary_filename[128];
data/asterisk-16.15.0~dfsg/main/asterisk.c:387:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char randompool[256];
data/asterisk-16.15.0~dfsg/main/asterisk.c:449:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZ];
data/asterisk-16.15.0~dfsg/main/asterisk.c:451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[128];
data/asterisk-16.15.0~dfsg/main/asterisk.c:453:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pbx_uuid[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/main/asterisk.c:857:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			min = atoi(a->argv[3]); \
data/asterisk-16.15.0~dfsg/main/asterisk.c:859:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				max = atoi(a->argv[4]); \
data/asterisk-16.15.0~dfsg/main/asterisk.c:1100:8:  [2] (race) vfork:
  On some old systems, vfork() permits race conditions, and it's very
  difficult to use correctly (CWE-362). Use fork() instead.
	pid = vfork();
data/asterisk-16.15.0~dfsg/main/asterisk.c:1118:10:  [2] (race) vfork:
  On some old systems, vfork() permits race conditions, and it's very
  difficult to use correctly (CWE-362). Use fork() instead.
			pid = vfork();
data/asterisk-16.15.0~dfsg/main/asterisk.c:1386:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostname[MAXHOSTNAMELEN] = "";
data/asterisk-16.15.0~dfsg/main/asterisk.c:1387:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char inbuf[512];
data/asterisk-16.15.0~dfsg/main/asterisk.c:1388:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char outbuf[512];
data/asterisk-16.15.0~dfsg/main/asterisk.c:2115:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date[40];
data/asterisk-16.15.0~dfsg/main/asterisk.c:2164:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[80];
data/asterisk-16.15.0~dfsg/main/asterisk.c:2589:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[80];
data/asterisk-16.15.0~dfsg/main/asterisk.c:2631:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[EL_BUF_SIZE];
data/asterisk-16.15.0~dfsg/main/asterisk.c:2726:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[100];
data/asterisk-16.15.0~dfsg/main/asterisk.c:2746:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char hostname[MAXHOSTNAMELEN] = "";
data/asterisk-16.15.0~dfsg/main/asterisk.c:3120:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char histfile[80] = "";
data/asterisk-16.15.0~dfsg/main/asterisk.c:3131:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char histfile[80] = "";
data/asterisk-16.15.0~dfsg/main/asterisk.c:3142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256] = "";
data/asterisk-16.15.0~dfsg/main/asterisk.c:3186:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		pid = atoi(cpid);
data/asterisk-16.15.0~dfsg/main/asterisk.c:3201:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buffer[512] = "", *curline = buffer, *nextline;
data/asterisk-16.15.0~dfsg/main/asterisk.c:3442:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open("/dev/null", O_RDWR);
data/asterisk-16.15.0~dfsg/main/asterisk.c:3682:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(argv[0], "rasterisk");
data/asterisk-16.15.0~dfsg/main/asterisk.c:3723:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (!(fd = open("/dev/null", O_RDONLY))) {
data/asterisk-16.15.0~dfsg/main/asterisk.c:3862:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/asterisk.c:3948:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pbx_uuid[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/main/asterisk.c:3996:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char canary_binary[PATH_MAX], ppid[12];
data/asterisk-16.15.0~dfsg/main/asterisk.c:4023:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen(ast_config_AST_PID, "w");
data/asterisk-16.15.0~dfsg/main/asterisk.c:4200:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char title[256];
data/asterisk-16.15.0~dfsg/main/asterisk.c:4201:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char hostname[MAXHOSTNAMELEN] = "";
data/asterisk-16.15.0~dfsg/main/astfd.c:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file[40];
data/asterisk-16.15.0~dfsg/main/astfd.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char function[25];
data/asterisk-16.15.0~dfsg/main/astfd.c:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callargs[100];
data/asterisk-16.15.0~dfsg/main/astfd.c:92:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#undef open
data/asterisk-16.15.0~dfsg/main/astfd.c:103:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		res = open(path, flags, mode);
data/asterisk-16.15.0~dfsg/main/astfd.c:105:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char sflags[80];
data/asterisk-16.15.0~dfsg/main/astfd.c:127:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		res = open(path, flags);
data/asterisk-16.15.0~dfsg/main/astfd.c:212:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sdomain[20], stype[20], *sproto = NULL;
data/asterisk-16.15.0~dfsg/main/astfd.c:263:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#undef fopen
data/asterisk-16.15.0~dfsg/main/astfd.c:266:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *res = fopen(path, mode);
data/asterisk-16.15.0~dfsg/main/astfd.c:322:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[24];
data/asterisk-16.15.0~dfsg/main/astfd.c:345:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char datestring[256];
data/asterisk-16.15.0~dfsg/main/astmm.c:115:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file[64];
data/asterisk-16.15.0~dfsg/main/astmm.c:116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char func[40];
data/asterisk-16.15.0~dfsg/main/astmm.c:134:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[0] __attribute__((aligned));
data/asterisk-16.15.0~dfsg/main/astmm.c:594:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(new_mem, ptr, size);
data/asterisk-16.15.0~dfsg/main/astmm.c:596:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(new_mem, ptr, len);
data/asterisk-16.15.0~dfsg/main/astmm.c:630:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, s, len);
data/asterisk-16.15.0~dfsg/main/astmm.c:740:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[80];
data/asterisk-16.15.0~dfsg/main/astmm.c:778:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(buf, "byline");
data/asterisk-16.15.0~dfsg/main/astmm.c:782:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(buf, " | ");
data/asterisk-16.15.0~dfsg/main/astmm.c:784:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(buf, "byfunc");
data/asterisk-16.15.0~dfsg/main/astmm.c:788:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(buf, " | ");
data/asterisk-16.15.0~dfsg/main/astmm.c:790:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(buf, "byfile");
data/asterisk-16.15.0~dfsg/main/astmm.c:793:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buf, "Off");
data/asterisk-16.15.0~dfsg/main/astmm.c:934:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char name[my_max(sizeof(reg->file), sizeof(reg->func))];
data/asterisk-16.15.0~dfsg/main/astmm.c:1536:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/astmm.c:1544:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	mmlog = fopen(filename, "a+");
data/asterisk-16.15.0~dfsg/main/astobj2.c:209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bad_magic[100];
data/asterisk-16.15.0~dfsg/main/astobj2.c:577:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char excessive_ref_buf[100];
data/asterisk-16.15.0~dfsg/main/astobj2.c:1070:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	lim = atoi(a->argv[2]);
data/asterisk-16.15.0~dfsg/main/astobj2.c:1091:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(obj, "-- this is obj %d --", i);
data/asterisk-16.15.0~dfsg/main/astobj2.c:1168:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ref_filename[1024];
data/asterisk-16.15.0~dfsg/main/astobj2.c:1172:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		ref_log = fopen(ref_filename, "w");
data/asterisk-16.15.0~dfsg/main/astobj2_container.c:891:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[1];
data/asterisk-16.15.0~dfsg/main/astobj2_hash.c:99:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char check[1 / (AO2_TRAVERSAL_STATE_SIZE / sizeof(struct hash_traversal_state))];
data/asterisk-16.15.0~dfsg/main/astobj2_rbtree.c:125:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char check[1 / (AO2_TRAVERSAL_STATE_SIZE / sizeof(struct rbtree_traversal_state))];
data/asterisk-16.15.0~dfsg/main/backtrace.c:187:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[MSG_BUFF_LEN];
data/asterisk-16.15.0~dfsg/main/bridge.c:144:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char builtin_features_dtmf[AST_BRIDGE_BUILTIN_END][MAXIMUM_DTMF_FEATURE_STRING];
data/asterisk-16.15.0~dfsg/main/bridge.c:392:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[1024];
data/asterisk-16.15.0~dfsg/main/bridge.c:787:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uuid_hold[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/main/bridge.c:4205:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char chan_name[AST_MAX_EXTENSION + AST_MAX_CONTEXT + 2];
data/asterisk-16.15.0~dfsg/main/bridge.c:5173:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char print_time[32];
data/asterisk-16.15.0~dfsg/main/bridge.c:5214:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char print_time[32];
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:166:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char missing_features[strlen(features) + 1];
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:371:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmf[AST_FEATURE_MAX_LEN];
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:433:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char app_name[0];
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:462:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char app_name[0];
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:2606:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char destination[AST_MAX_EXTENSION + AST_MAX_CONTEXT + 2];
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:3300:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char destination[AST_MAX_EXTENSION + AST_MAX_CONTEXT + 1];
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:3301:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION] = "";
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:3474:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char xfer_exten[AST_MAX_EXTENSION] = "";
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:91:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[0];
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:978:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sync_payload->data, data, datalen);
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1257:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char app_name[0];
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1351:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char playfile[0];
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1423:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char payload[0];
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1474:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cb_data->payload, payload, payload_size);/* Safe */
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1500:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char parkee_uuid[0];
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1765:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char check[1 / (ARRAY_LEN(bridge_channel->dtmf_hook_state.collected) == ARRAY_LEN(hook->dtmf.code))];
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1931:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1932:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1943:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char connected_line_data[1024];
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1979:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(frame_payload->payload, connected_line_data, payload_size);
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:2548:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmf[2];
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:3088:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char unbridged_chan_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/bridge_roles.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char role[AST_ROLE_LEN];
data/asterisk-16.15.0~dfsg/main/bucket.c:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/main/bucket.c:733:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];	/* XXX make it lerger. */
data/asterisk-16.15.0~dfsg/main/bucket.c:735:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((ifd = open(infile, O_RDONLY)) < 0) {
data/asterisk-16.15.0~dfsg/main/bucket.c:739:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((ofd = open(outfile, O_WRONLY | O_TRUNC | O_CREAT, AST_FILE_MODE)) < 0) {
data/asterisk-16.15.0~dfsg/main/bucket.c:904:7:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	fd = mkstemp(file->path);
data/asterisk-16.15.0~dfsg/main/callerid.c:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rawdata[256];
data/asterisk-16.15.0~dfsg/main/callerid.c:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[64];
data/asterisk-16.15.0~dfsg/main/callerid.c:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char number[64];
data/asterisk-16.15.0~dfsg/main/callerid.c:218:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		code = atoi(&cidstring[1]);
data/asterisk-16.15.0~dfsg/main/callerid.c:318:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, cid->oldstuff, cid->oldlen);
data/asterisk-16.15.0~dfsg/main/callerid.c:536:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cid->oldstuff, buf, mylen * 2);
data/asterisk-16.15.0~dfsg/main/callerid.c:556:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, cid->oldstuff, cid->oldlen);
data/asterisk-16.15.0~dfsg/main/callerid.c:652:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
								memcpy(cid->number, cid->rawdata + x + 1, res);
data/asterisk-16.15.0~dfsg/main/callerid.c:666:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
							memcpy(cid->name, cid->rawdata + x + 1, res);
data/asterisk-16.15.0~dfsg/main/callerid.c:726:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cid->oldstuff, buf, mylen * 2);
data/asterisk-16.15.0~dfsg/main/callerid.c:813:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[256];
data/asterisk-16.15.0~dfsg/main/callerid.c:908:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[256];
data/asterisk-16.15.0~dfsg/main/callerid.c:1033:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[256];
data/asterisk-16.15.0~dfsg/main/callerid.c:1078:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char name_buf[128];
data/asterisk-16.15.0~dfsg/main/ccss.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cc_callback_macro[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/main/ccss.c:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cc_callback_sub[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/main/ccss.c:172:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cc_agent_dialstring[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/main/ccss.c:293:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/ccss.c:305:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialstring[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/ccss.c:1274:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char type[32];
data/asterisk-16.15.0~dfsg/main/ccss.c:1776:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char original_dialstring[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/ccss.c:1795:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/ccss.c:2642:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/ccss.c:2650:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/ccss.c:2658:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/ccss.c:2666:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/ccss.c:2943:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char caller[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/ccss.c:2998:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char debug[1];
data/asterisk-16.15.0~dfsg/main/ccss.c:3332:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dummy[1];
data/asterisk-16.15.0~dfsg/main/ccss.c:3443:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/ccss.c:3560:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialstring_search[AST_CHANNEL_NAME + 1];
data/asterisk-16.15.0~dfsg/main/ccss.c:4153:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/ccss.c:4201:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/ccss.c:4260:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/ccss.c:4311:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/ccss.c:4563:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char core_id_str[20];
data/asterisk-16.15.0~dfsg/main/cdr.c:330:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[20];
data/asterisk-16.15.0~dfsg/main/cdr.c:331:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char desc[80];
data/asterisk-16.15.0~dfsg/main/cdr.c:714:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char userfield[AST_MAX_USER_FIELD];     /*!< Userfield for the channel */
data/asterisk-16.15.0~dfsg/main/cdr.c:1627:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char park_info[128];
data/asterisk-16.15.0~dfsg/main/cdr.c:3377:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char workspace[256];
data/asterisk-16.15.0~dfsg/main/cdr.c:4013:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char start_time_buffer[64];
data/asterisk-16.15.0~dfsg/main/cdr.c:4014:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char answer_time_buffer[64];
data/asterisk-16.15.0~dfsg/main/cdr.c:4015:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char end_time_buffer[64];
data/asterisk-16.15.0~dfsg/main/cdr.c:4076:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char clid[64];
data/asterisk-16.15.0~dfsg/main/cdr.c:4077:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char start_time_buffer[64];
data/asterisk-16.15.0~dfsg/main/cdr.c:4078:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char answer_time_buffer[64];
data/asterisk-16.15.0~dfsg/main/cdr.c:4079:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char end_time_buffer[64];
data/asterisk-16.15.0~dfsg/main/cel.c:166:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[0];
data/asterisk-16.15.0~dfsg/main/cel.c:174:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uniqueid[AST_MAX_UNIQUEID];
data/asterisk-16.15.0~dfsg/main/cel.c:176:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialstatus[0];
data/asterisk-16.15.0~dfsg/main/cel.c:305:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const cel_event_types[CEL_MAX_EVENT_IDS] = {
data/asterisk-16.15.0~dfsg/main/cel.c:328:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];                /*!< Name of this backend */
data/asterisk-16.15.0~dfsg/main/cel.c:665:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timebuf[30];
data/asterisk-16.15.0~dfsg/main/channel.c:2208:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/channel.c:4374:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char causevar[256];
data/asterisk-16.15.0~dfsg/main/channel.c:4432:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char current[1024];
data/asterisk-16.15.0~dfsg/main/channel.c:4433:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char proposed[1024];
data/asterisk-16.15.0~dfsg/main/channel.c:4959:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nothing[128];
data/asterisk-16.15.0~dfsg/main/channel.c:5901:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpchan[256];
data/asterisk-16.15.0~dfsg/main/channel.c:5902:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char forwarder[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/channel.c:6852:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/channel.c:7354:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[AST_CHANNEL_NAME], *dashptr;
data/asterisk-16.15.0~dfsg/main/channel.c:7448:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char offset[AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/main/channel.c:7620:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[1];
data/asterisk-16.15.0~dfsg/main/channel.c:8002:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char num[3];
data/asterisk-16.15.0~dfsg/main/channel.c:8241:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/main/channel.c:8319:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(data + pos, name->str, length);
data/asterisk-16.15.0~dfsg/main/channel.c:8393:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(data + pos, number->str, length);
data/asterisk-16.15.0~dfsg/main/channel.c:8467:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(data + pos, subaddress->str, length);
data/asterisk-16.15.0~dfsg/main/channel.c:8580:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(data + pos, id->tag, length);
data/asterisk-16.15.0~dfsg/main/channel.c:8733:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(data + pos, &value, sizeof(value));
data/asterisk-16.15.0~dfsg/main/channel.c:8776:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(connected->id.name.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:8809:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(connected->id.number.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:8842:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(connected->id.subaddress.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:8876:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(connected->id.tag, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:8895:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(connected->priv.name.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:8928:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(connected->priv.number.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:8961:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(connected->priv.subaddress.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:8995:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(connected->priv.tag, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9049:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[1024];	/* This should be large enough */
data/asterisk-16.15.0~dfsg/main/channel.c:9062:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[1024];	/* This should be large enough */
data/asterisk-16.15.0~dfsg/main/channel.c:9202:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(data + pos, &value, sizeof(value));
data/asterisk-16.15.0~dfsg/main/channel.c:9213:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(data + pos, reason->str, length);
data/asterisk-16.15.0~dfsg/main/channel.c:9425:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(data + pos, &value, sizeof(value));
data/asterisk-16.15.0~dfsg/main/channel.c:9470:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->orig.name.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9503:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->orig.number.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9536:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->orig.subaddress.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9570:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->orig.tag, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9579:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->from.name.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9612:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->from.number.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9655:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->from.subaddress.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9689:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->from.tag, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9698:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->to.name.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9731:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->to.number.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9774:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->to.subaddress.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9808:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->to.tag, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9817:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->priv_orig.name.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9850:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->priv_orig.number.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9883:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->priv_orig.subaddress.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9917:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->priv_orig.tag, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9926:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->priv_from.name.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9959:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->priv_from.number.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:9992:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->priv_from.subaddress.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:10026:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->priv_from.tag, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:10035:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->priv_to.name.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:10068:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->priv_to.number.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:10101:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->priv_to.subaddress.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:10135:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->priv_to.tag, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:10154:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->reason.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:10173:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(redirecting->orig_reason.str, data + pos, ie_len);
data/asterisk-16.15.0~dfsg/main/channel.c:10238:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[1024];	/* This should be large enough */
data/asterisk-16.15.0~dfsg/main/channel.c:10251:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[1024];	/* This should be large enough */
data/asterisk-16.15.0~dfsg/main/channel_internal_api.c:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char unique_id[AST_MAX_UNIQUEID];	/*!< Unique Identifier */
data/asterisk-16.15.0~dfsg/main/channel_internal_api.c:208:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];			/*!< Dialplan: Current extension context */
data/asterisk-16.15.0~dfsg/main/channel_internal_api.c:209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];			/*!< Dialplan: Current extension number */
data/asterisk-16.15.0~dfsg/main/channel_internal_api.c:210:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char macrocontext[AST_MAX_CONTEXT];		/*!< Macro: Current non-macro context. See app_macro.c */
data/asterisk-16.15.0~dfsg/main/channel_internal_api.c:211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char macroexten[AST_MAX_EXTENSION];		/*!< Macro: Current non-macro extension. See app_macro.c */
data/asterisk-16.15.0~dfsg/main/channel_internal_api.c:764:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_identifier_from[AST_CALLID_BUFFER_LENGTH];
data/asterisk-16.15.0~dfsg/main/channel_internal_api.c:765:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_identifier_to[AST_CALLID_BUFFER_LENGTH];
data/asterisk-16.15.0~dfsg/main/channel_internal_api.c:1258:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ao2_cause_code, cause_code, datalen);
data/asterisk-16.15.0~dfsg/main/cli.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char module[0];
data/asterisk-16.15.0~dfsg/main/cli.c:368:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char next[13];
data/asterisk-16.15.0~dfsg/main/cli.c:409:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char was_buf[30];
data/asterisk-16.15.0~dfsg/main/cli.c:435:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char now_buf[30];
data/asterisk-16.15.0~dfsg/main/cli.c:1127:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char durbuf[16] = "-";
data/asterisk-16.15.0~dfsg/main/cli.c:1162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char locbuf[40] = "(None)";
data/asterisk-16.15.0~dfsg/main/cli.c:1163:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char appdata[40] = "(None)";
data/asterisk-16.15.0~dfsg/main/cli.c:1326:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char command[AST_MAX_ARGS] = "";
data/asterisk-16.15.0~dfsg/main/cli.c:1619:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cdrtime[256];
data/asterisk-16.15.0~dfsg/main/cli.c:1630:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callid_buf[32];
data/asterisk-16.15.0~dfsg/main/cli.c:1677:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(cdrtime, "N/A");
data/asterisk-16.15.0~dfsg/main/cli.c:2058:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[80];
data/asterisk-16.15.0~dfsg/main/cli.c:2371:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char cmdline[80];
data/asterisk-16.15.0~dfsg/main/cli.c:2374:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *myargv[AST_MAX_CMD_LEN] = { NULL, };
data/asterisk-16.15.0~dfsg/main/cli.c:2533:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char matchstr[80] = "";
data/asterisk-16.15.0~dfsg/main/cli.c:2563:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullcmd[80];
data/asterisk-16.15.0~dfsg/main/cli.c:2840:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *argv[AST_MAX_ARGS];
data/asterisk-16.15.0~dfsg/main/cli.c:2845:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char matchstr[80] = "";
data/asterisk-16.15.0~dfsg/main/cli.c:2950:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *args[AST_MAX_ARGS + 1];
data/asterisk-16.15.0~dfsg/main/cli.c:2954:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[AST_MAX_ARGS + 1];
data/asterisk-16.15.0~dfsg/main/cli.c:3015:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[512];
data/asterisk-16.15.0~dfsg/main/config.c:87:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmt[0];
data/asterisk-16.15.0~dfsg/main/config.c:94:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char include[0];
data/asterisk-16.15.0~dfsg/main/config.c:111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[0];
data/asterisk-16.15.0~dfsg/main/config.c:138:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(s, str, len);
data/asterisk-16.15.0~dfsg/main/config.c:211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/main/config.c:220:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80]; /* redundant? */
data/asterisk-16.15.0~dfsg/main/config.c:226:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];
data/asterisk-16.15.0~dfsg/main/config.c:1751:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exec_file[512];
data/asterisk-16.15.0~dfsg/main/config.c:1860:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char real_inclusion_name[256];
data/asterisk-16.15.0~dfsg/main/config.c:1924:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char cmd[1024];
data/asterisk-16.15.0~dfsg/main/config.c:2044:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/config.c:2046:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/asterisk-16.15.0~dfsg/main/config.c:2048:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[8192];
data/asterisk-16.15.0~dfsg/main/config.c:2199:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				if (!(f = fopen(fn, "r"))) {
data/asterisk-16.15.0~dfsg/main/config.c:2401:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date[256]="";
data/asterisk-16.15.0~dfsg/main/config.c:2558:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/config.c:2603:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			f = fopen(fn, "w");
data/asterisk-16.15.0~dfsg/main/config.c:2620:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		(f = fopen(fn, "w+"))
data/asterisk-16.15.0~dfsg/main/config.c:2622:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		(f = fopen(fn, "w"))
data/asterisk-16.15.0~dfsg/main/config.c:2639:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			f = fopen(fn, "a");
data/asterisk-16.15.0~dfsg/main/config.c:2744:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				f = fopen(fn, "a");
data/asterisk-16.15.0~dfsg/main/config.c:2776:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char escaped[escaped_len];
data/asterisk-16.15.0~dfsg/main/config.c:2825:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			f = fopen(fn, "a");
data/asterisk-16.15.0~dfsg/main/config.c:2931:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[512];
data/asterisk-16.15.0~dfsg/main/config.c:2954:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (!textpri || !(pri = atoi(textpri))) {
data/asterisk-16.15.0~dfsg/main/config.c:3114:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char db[256];
data/asterisk-16.15.0~dfsg/main/config.c:3115:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char table[256];
data/asterisk-16.15.0~dfsg/main/config.c:3269:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char db[256];
data/asterisk-16.15.0~dfsg/main/config.c:3270:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char table[256];
data/asterisk-16.15.0~dfsg/main/config.c:3385:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char db[256];
data/asterisk-16.15.0~dfsg/main/config.c:3386:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char table[256];
data/asterisk-16.15.0~dfsg/main/config.c:3409:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char db[256];
data/asterisk-16.15.0~dfsg/main/config.c:3410:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char table[256];
data/asterisk-16.15.0~dfsg/main/config.c:3429:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char db[256];
data/asterisk-16.15.0~dfsg/main/config.c:3430:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char table[256];
data/asterisk-16.15.0~dfsg/main/config.c:3472:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char db[256];
data/asterisk-16.15.0~dfsg/main/config.c:3473:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char table[256];
data/asterisk-16.15.0~dfsg/main/config.c:3509:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char db[256];
data/asterisk-16.15.0~dfsg/main/config.c:3510:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char table[256];
data/asterisk-16.15.0~dfsg/main/config.c:3553:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char db[256];
data/asterisk-16.15.0~dfsg/main/config.c:3554:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char table[256];
data/asterisk-16.15.0~dfsg/main/config.c:3590:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char db[256];
data/asterisk-16.15.0~dfsg/main/config.c:3591:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char table[256];
data/asterisk-16.15.0~dfsg/main/config_options.c:176:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[len];
data/asterisk-16.15.0~dfsg/main/config_options.c:1222:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char option_type[64];
data/asterisk-16.15.0~dfsg/main/config_options.c:1274:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char option_name[64];
data/asterisk-16.15.0~dfsg/main/core_local.c:236:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/main/core_local.c:238:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/main/core_unreal.c:485:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char frame_data[1024];
data/asterisk-16.15.0~dfsg/main/core_unreal.c:1093:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(uniqueid2, ";2");/* Safe */
data/asterisk-16.15.0~dfsg/main/crypt.c:192:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char salt[MAX_SALT_LEN] = {};
data/asterisk-16.15.0~dfsg/main/datastore.c:141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uuid_buf[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/main/db.c:248:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(dbname, ".sqlite3");
data/asterisk-16.15.0~dfsg/main/db.c:329:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullkey[MAX_DB_FIELD];
data/asterisk-16.15.0~dfsg/main/db.c:376:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullkey[MAX_DB_FIELD];
data/asterisk-16.15.0~dfsg/main/db.c:431:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullkey[MAX_DB_FIELD];
data/asterisk-16.15.0~dfsg/main/db.c:460:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[MAX_DB_FIELD];
data/asterisk-16.15.0~dfsg/main/db.c:517:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cur->data, value, value_len + 1);
data/asterisk-16.15.0~dfsg/main/db.c:518:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(cur->key, key, key_len + 1);
data/asterisk-16.15.0~dfsg/main/db.c:533:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[MAX_DB_FIELD];
data/asterisk-16.15.0~dfsg/main/db.c:573:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[MAX_DB_FIELD];
data/asterisk-16.15.0~dfsg/main/db.c:638:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[MAX_DB_FIELD];
data/asterisk-16.15.0~dfsg/main/db.c:727:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[MAX_DB_FIELD];
data/asterisk-16.15.0~dfsg/main/db.c:911:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idText[256];
data/asterisk-16.15.0~dfsg/main/db.c:914:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[MAX_DB_FIELD];
data/asterisk-16.15.0~dfsg/main/devicestate.c:192:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char label[40];
data/asterisk-16.15.0~dfsg/main/devicestate.c:203:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device[1];
data/asterisk-16.15.0~dfsg/main/devicestate.c:290:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char match[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/devicestate.c:512:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/main/dial.c:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char app[AST_MAX_APP]; /*!< Application name */
data/asterisk-16.15.0~dfsg/main/dial.c:454:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char forwarder[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/dial.c:522:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char destination[AST_MAX_CONTEXT + AST_MAX_EXTENSION + 1];
data/asterisk-16.15.0~dfsg/main/dns.c:500:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char answer[MAX_SIZE];
data/asterisk-16.15.0~dfsg/main/dns.c:543:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char dns_response[MAX_SIZE];
data/asterisk-16.15.0~dfsg/main/dns_core.c:401:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			in_port = htons(atoi(port));
data/asterisk-16.15.0~dfsg/main/dns_core.c:413:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&sin6.sin6_addr, data, data_size);
data/asterisk-16.15.0~dfsg/main/dns_core.c:415:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&address->ss, &sin6, sizeof(sin6));
data/asterisk-16.15.0~dfsg/main/dns_core.c:423:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&sin4.sin_addr, data, data_size);
data/asterisk-16.15.0~dfsg/main/dns_core.c:425:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&address->ss, &sin4, sizeof(sin4));
data/asterisk-16.15.0~dfsg/main/dns_core.c:495:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf_ptr, answer, answer_size); /* SAFE */
data/asterisk-16.15.0~dfsg/main/dns_core.c:578:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(record->data_ptr, data, size);
data/asterisk-16.15.0~dfsg/main/dns_naptr.c:278:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pattern_str[pattern_size + 1];
data/asterisk-16.15.0~dfsg/main/dns_naptr.c:283:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pattern_str, pattern, pattern_size);
data/asterisk-16.15.0~dfsg/main/dns_naptr.c:392:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char replacement[256] = "";
data/asterisk-16.15.0~dfsg/main/dns_srv.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[NI_MAXHOST] = "";
data/asterisk-16.15.0~dfsg/main/dns_test.c:68:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, DNS_HEADER, ARRAY_LEN(DNS_HEADER));
data/asterisk-16.15.0~dfsg/main/dns_test.c:70:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&buf[6], &net_num_records, sizeof(num_records));
data/asterisk-16.15.0~dfsg/main/dns_test.c:104:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, DNS_QUESTION, ARRAY_LEN(DNS_QUESTION));
data/asterisk-16.15.0~dfsg/main/dns_test.c:139:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, NAPTR_ANSWER, ARRAY_LEN(NAPTR_ANSWER));
data/asterisk-16.15.0~dfsg/main/dns_test.c:142:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&buf[6], &net_ttl, sizeof(int));
data/asterisk-16.15.0~dfsg/main/dns_test.c:173:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&buf[1], string->val, strlen(string->val));
data/asterisk-16.15.0~dfsg/main/dns_test.c:239:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, &net_rdlength, 2);
data/asterisk-16.15.0~dfsg/main/dns_txt.c:105:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(s, &data[1], bytes);
data/asterisk-16.15.0~dfsg/main/dnsmgr.c:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[1];
data/asterisk-16.15.0~dfsg/main/dsp.c:305:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char digits[MAX_DTMF_DIGITS + 1];
data/asterisk-16.15.0~dfsg/main/ecdisa.h:3:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char ecdisa[80] = {
data/asterisk-16.15.0~dfsg/main/enum.c:91:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ienum_branchlabel[32] = "i";
data/asterisk-16.15.0~dfsg/main/enum.c:119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char digits[3] = "";
data/asterisk-16.15.0~dfsg/main/enum.c:146:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char txt[1024];		/* TXT record in TXT lookup */
data/asterisk-16.15.0~dfsg/main/enum.c:204:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char domain[128] = "";
data/asterisk-16.15.0~dfsg/main/enum.c:234:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ret = atoi(context.txt);
data/asterisk-16.15.0~dfsg/main/enum.c:249:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char separator[256];		/* label to insert */
data/asterisk-16.15.0~dfsg/main/enum.c:251:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char apex[256];			/* new Apex */
data/asterisk-16.15.0~dfsg/main/enum.c:333:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char domain[128] = "";
data/asterisk-16.15.0~dfsg/main/enum.c:391:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(data, src, len);
data/asterisk-16.15.0~dfsg/main/enum.c:399:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tech_return[80];
data/asterisk-16.15.0~dfsg/main/enum.c:401:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char flags[512] = "";
data/asterisk-16.15.0~dfsg/main/enum.c:402:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char services[512] = "";
data/asterisk-16.15.0~dfsg/main/enum.c:404:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char regexp[512] = "";
data/asterisk-16.15.0~dfsg/main/enum.c:405:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char repl[512] = "";
data/asterisk-16.15.0~dfsg/main/enum.c:406:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tempdst[512] = "";
data/asterisk-16.15.0~dfsg/main/enum.c:407:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char errbuff[512] = "";
data/asterisk-16.15.0~dfsg/main/enum.c:568:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(d, (naptrinput + (int) pmatch[matchindex].rm_so), size);  /* copy input substring into backreference marker */
data/asterisk-16.15.0~dfsg/main/enum.c:634:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&c->naptr_rrs[c->naptr_rrs_count].naptr, answer, sizeof(c->naptr_rrs->naptr));
data/asterisk-16.15.0~dfsg/main/enum.c:652:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[512];
data/asterisk-16.15.0~dfsg/main/enum.c:653:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char domain[256];
data/asterisk-16.15.0~dfsg/main/enum.c:654:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char left[128];
data/asterisk-16.15.0~dfsg/main/enum.c:655:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char middle[128];
data/asterisk-16.15.0~dfsg/main/enum.c:656:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char naptrinput[128];
data/asterisk-16.15.0~dfsg/main/enum.c:657:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char apex[128] = "";
data/asterisk-16.15.0~dfsg/main/enum.c:777:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char cc[8];
data/asterisk-16.15.0~dfsg/main/enum.c:778:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char sep[256], n_apex[256];
data/asterisk-16.15.0~dfsg/main/enum.c:986:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dst, &suffix[1], suffix_length);
data/asterisk-16.15.0~dfsg/main/enum.c:988:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dst, suffix, suffix_length + 1);
data/asterisk-16.15.0~dfsg/main/event.c:57:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char ie_payload[0];
data/asterisk-16.15.0~dfsg/main/event.c:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[1];
data/asterisk-16.15.0~dfsg/main/event.c:87:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char payload[0];
data/asterisk-16.15.0~dfsg/main/event.c:109:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const event_names[AST_EVENT_TOTAL] = {
data/asterisk-16.15.0~dfsg/main/event.c:395:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ie->ie_payload, data, data_len);
data/asterisk-16.15.0~dfsg/main/event.c:447:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ie_value->payload.raw, data, datalen);
data/asterisk-16.15.0~dfsg/main/features.c:269:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(df_copy, df, sizeof(*df));
data/asterisk-16.15.0~dfsg/main/features.c:763:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/main/features.c:891:22:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	config->timelimit = atol(limit_str);
data/asterisk-16.15.0~dfsg/main/features.c:893:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		config->play_warning = atol(warning_str);
data/asterisk-16.15.0~dfsg/main/features.c:895:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		config->warning_freq = atol(warnfreq_str);
data/asterisk-16.15.0~dfsg/main/features.c:1005:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opt_args[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/main/file.c:274:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];	/* XXX make it lerger. */
data/asterisk-16.15.0~dfsg/main/file.c:276:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((ifd = open(infile, O_RDONLY)) < 0) {
data/asterisk-16.15.0~dfsg/main/file.c:280:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((ofd = open(outfile, O_WRONLY | O_TRUNC | O_CREAT, AST_FILE_MODE)) < 0) {
data/asterisk-16.15.0~dfsg/main/file.c:474:40:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (mode == WRAP_OPEN && (openfn = f->open) && openfn(s))
data/asterisk-16.15.0~dfsg/main/file.c:523:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char storage[strlen(f->exts) + 1];
data/asterisk-16.15.0~dfsg/main/file.c:560:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				if ( (bfile = fopen(fn, "r")) == NULL) {
data/asterisk-16.15.0~dfsg/main/file.c:1331:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		bfile = fopen(fn, "r");
data/asterisk-16.15.0~dfsg/main/file.c:1401:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(fn, flags | myflags, mode);
data/asterisk-16.15.0~dfsg/main/file.c:1432:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			fd = open(fn, flags | myflags, mode);
data/asterisk-16.15.0~dfsg/main/file.c:1635:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					const char exten[2] = { fr->subclass.integer, '\0' };
data/asterisk-16.15.0~dfsg/main/file.c:1829:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *fmts_str[AST_MAX_FORMATS];
data/asterisk-16.15.0~dfsg/main/fixedjitterbuf.c:93:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(frame, fr, sizeof(struct fixed_jb_frame));
data/asterisk-16.15.0~dfsg/main/fixedjitterbuf.c:108:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&jb->conf, conf, sizeof(struct fixed_jb_conf));
data/asterisk-16.15.0~dfsg/main/format.c:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char codec[0];
data/asterisk-16.15.0~dfsg/main/frame.c:282:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newdata, fr->data.ptr, fr->datalen);
data/asterisk-16.15.0~dfsg/main/frame.c:364:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out->data.ptr, f->data.ptr, out->datalen);
data/asterisk-16.15.0~dfsg/main/frame.c:713:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ftype[40] = "Unknown Frametype";
data/asterisk-16.15.0~dfsg/main/frame.c:714:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cft[80];
data/asterisk-16.15.0~dfsg/main/frame.c:715:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subclass[40] = "Unknown Subclass";
data/asterisk-16.15.0~dfsg/main/frame.c:716:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char csub[80];
data/asterisk-16.15.0~dfsg/main/frame.c:717:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char moreinfo[40] = "";
data/asterisk-16.15.0~dfsg/main/frame.c:718:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cn[60];
data/asterisk-16.15.0~dfsg/main/frame.c:719:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cp[40];
data/asterisk-16.15.0~dfsg/main/frame.c:720:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmn[40];
data/asterisk-16.15.0~dfsg/main/http.c:104:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char http_server_name[MAX_SERVER_NAME_LENGTH];
data/asterisk-16.15.0~dfsg/main/http.c:141:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char prefix[MAX_PREFIX];
data/asterisk-16.15.0~dfsg/main/http.c:172:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char target[0];
data/asterisk-16.15.0~dfsg/main/http.c:248:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char wkspace[80];
data/asterisk-16.15.0~dfsg/main/http.c:255:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timebuf[80], etag[23];
data/asterisk-16.15.0~dfsg/main/http.c:311:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(path, O_RDONLY);
data/asterisk-16.15.0~dfsg/main/http.c:463:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timebuf[80];
data/asterisk-16.15.0~dfsg/main/http.c:464:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/main/http.c:570:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char server_name[MAX_SERVER_NAME_LENGTH];
data/asterisk-16.15.0~dfsg/main/http.c:1044:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char header_line[MAX_HTTP_LINE_LENGTH];
data/asterisk-16.15.0~dfsg/main/http.c:1072:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char chunk_sync[2];
data/asterisk-16.15.0~dfsg/main/http.c:1102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char header_line[MAX_HTTP_LINE_LENGTH];
data/asterisk-16.15.0~dfsg/main/http.c:1585:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char decoded[256] = {};
data/asterisk-16.15.0~dfsg/main/http.c:1679:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf_end, p, s - p);
data/asterisk-16.15.0~dfsg/main/http.c:1761:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char header_line[MAX_HTTP_LINE_LENGTH];
data/asterisk-16.15.0~dfsg/main/http.c:1849:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char request_line[MAX_HTTP_LINE_LENGTH];
data/asterisk-16.15.0~dfsg/main/http.c:2084:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newprefix[MAX_PREFIX] = "";
data/asterisk-16.15.0~dfsg/main/http.c:2085:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char server_name[MAX_SERVER_NAME_LENGTH];
data/asterisk-16.15.0~dfsg/main/image.c:104:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/main/image.c:105:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80];
data/asterisk-16.15.0~dfsg/main/image.c:139:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(buf, O_RDONLY);
data/asterisk-16.15.0~dfsg/main/indications.c:110:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char offset[AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/main/indications.c:905:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/main/indications.c:915:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (!isdigit(ring[0]) || (value = atoi(ring)) == -1) {
data/asterisk-16.15.0~dfsg/main/iostream.c:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rbuf[2048];
data/asterisk-16.15.0~dfsg/main/iostream.c:171:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char err[256];
data/asterisk-16.15.0~dfsg/main/iostream.c:291:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buffer, stream->rbufhead, r);
data/asterisk-16.15.0~dfsg/main/iostream.c:325:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buffer + accum_size, stream->rbufhead, stream->rbuflen);
data/asterisk-16.15.0~dfsg/main/iostream.c:349:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer + accum_size, stream->rbufhead, len);
data/asterisk-16.15.0~dfsg/main/iostream.c:359:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/main/iostream.c:404:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char err[256];
data/asterisk-16.15.0~dfsg/main/iostream.c:493:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sbuf[512], *buf = sbuf;
data/asterisk-16.15.0~dfsg/main/iostream.c:551:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char err[256];
data/asterisk-16.15.0~dfsg/main/iostream.c:645:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char err[256];
data/asterisk-16.15.0~dfsg/main/json.c:651:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[AST_ISO8601_LEN];
data/asterisk-16.15.0~dfsg/main/loader.c:138:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char buildopt_sum[33] = AST_BUILDOPT_SUM;
data/asterisk-16.15.0~dfsg/main/loader.c:164:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/main/loader.c:331:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char resource[0];
data/asterisk-16.15.0~dfsg/main/loader.c:633:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char module[0];
data/asterisk-16.15.0~dfsg/main/loader.c:876:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256]; /* large enough so we don't have to worry */
data/asterisk-16.15.0~dfsg/main/loader.c:879:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		pos += sprintf(buf + pos, " %02hhx", *d++);
data/asterisk-16.15.0~dfsg/main/loader.c:901:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char digest[16];
data/asterisk-16.15.0~dfsg/main/loader.c:991:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[PATH_MAX] = "";
data/asterisk-16.15.0~dfsg/main/loader.c:1155:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/loader.c:1554:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char res_buffer[8];
data/asterisk-16.15.0~dfsg/main/loader.c:1678:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/main/logger.c:77:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dateformat[256] = "%b %e %T";		/* Original Asterisk Format */
data/asterisk-16.15.0~dfsg/main/logger.c:79:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char queue_log_name[256] = QUEUELOG;
data/asterisk-16.15.0~dfsg/main/logger.c:80:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char exec_after_rotate[256] = "";
data/asterisk-16.15.0~dfsg/main/logger.c:110:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char hostname[MAXHOSTNAMELEN];
data/asterisk-16.15.0~dfsg/main/logger.c:145:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/logger.c:153:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char components[0];
data/asterisk-16.15.0~dfsg/main/logger.c:204:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *levels[NUMLOGLEVELS] = {
data/asterisk-16.15.0~dfsg/main/logger.c:261:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_identifier_str[13];
data/asterisk-16.15.0~dfsg/main/logger.c:365:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_identifier_str[13];
data/asterisk-16.15.0~dfsg/main/logger.c:388:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char linestr[32];
data/asterisk-16.15.0~dfsg/main/logger.c:429:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_identifier_str[13];
data/asterisk-16.15.0~dfsg/main/logger.c:430:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char linestr[32];
data/asterisk-16.15.0~dfsg/main/logger.c:601:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/logger.c:621:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char datestring[256];
data/asterisk-16.15.0~dfsg/main/logger.c:655:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (!(chan->fileptr = fopen(chan->filename, "a"))) {
data/asterisk-16.15.0~dfsg/main/logger.c:869:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char qlog_msg[8192];
data/asterisk-16.15.0~dfsg/main/logger.c:871:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char time_str[30];
data/asterisk-16.15.0~dfsg/main/logger.c:946:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char old[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/logger.c:947:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char new[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/logger.c:949:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *suffixes[4] = { "", ".gz", ".bz2", ".Z" };
data/asterisk-16.15.0~dfsg/main/logger.c:958:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			fd = open(new, O_RDONLY);
data/asterisk-16.15.0~dfsg/main/logger.c:986:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				fd = open(new, O_RDONLY);
data/asterisk-16.15.0~dfsg/main/logger.c:1002:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				fd = open(old, O_RDONLY);
data/asterisk-16.15.0~dfsg/main/logger.c:1028:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[512];
data/asterisk-16.15.0~dfsg/main/logger.c:1086:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char qfname[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/logger.c:1103:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	qlog = fopen(qfname, "a");
data/asterisk-16.15.0~dfsg/main/logger.c:1233:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/logger.c:1553:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZ];
data/asterisk-16.15.0~dfsg/main/logger.c:1661:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char datestring[256];
data/asterisk-16.15.0~dfsg/main/logger.c:1786:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char qfname[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/logger.c:1799:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		qlog = fopen(qfname, "a");
data/asterisk-16.15.0~dfsg/main/logger_category.c:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/main/logger_category.c:180:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char name[len];
data/asterisk-16.15.0~dfsg/main/manager.c:1465:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eventdata[1];	/*!< really variable size, allocated by append_event() */
data/asterisk-16.15.0~dfsg/main/manager.c:1484:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char global_realm[MAXHOSTNAMELEN];	/*!< Default realm */
data/asterisk-16.15.0~dfsg/main/manager.c:1525:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *words[AST_MAX_CMD_LEN];
data/asterisk-16.15.0~dfsg/main/manager.c:1592:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char username[80];	/*!< Logged in username */
data/asterisk-16.15.0~dfsg/main/manager.c:1593:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char challenge[10];	/*!< Authentication challenge */
data/asterisk-16.15.0~dfsg/main/manager.c:1597:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char inbuf[1025];	/*!< Buffer -  we use the extra byte to add a '\\0' and simplify parsing */
data/asterisk-16.15.0~dfsg/main/manager.c:1645:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char username[80];
data/asterisk-16.15.0~dfsg/main/manager.c:2166:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		return atoi(string);
data/asterisk-16.15.0~dfsg/main/manager.c:2348:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char syntax_title[64], description_title[64], synopsis_title[64], seealso_title[64];
data/asterisk-16.15.0~dfsg/main/manager.c:2349:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char arguments_title[64], privilege_title[64], final_response_title[64], list_responses_title[64];
data/asterisk-16.15.0~dfsg/main/manager.c:3287:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char session_id[32];
data/asterisk-16.15.0~dfsg/main/manager.c:3312:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char session_id[32];
data/asterisk-16.15.0~dfsg/main/manager.c:3337:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char session_id[32];
data/asterisk-16.15.0~dfsg/main/manager.c:3362:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char session_id[32];
data/asterisk-16.15.0~dfsg/main/manager.c:3387:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char session_id[32];
data/asterisk-16.15.0~dfsg/main/manager.c:3388:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char request_type[64];
data/asterisk-16.15.0~dfsg/main/manager.c:3416:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char session_id[32];
data/asterisk-16.15.0~dfsg/main/manager.c:3417:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char request_type[64];
data/asterisk-16.15.0~dfsg/main/manager.c:3446:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char session_id[32];
data/asterisk-16.15.0~dfsg/main/manager.c:3475:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char session_id[32];
data/asterisk-16.15.0~dfsg/main/manager.c:3532:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char md5key[256] = "";
data/asterisk-16.15.0~dfsg/main/manager.c:3534:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			unsigned char digest[16];
data/asterisk-16.15.0~dfsg/main/manager.c:3541:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				len += sprintf(md5key + len, "%02hhx", digest[x]);
data/asterisk-16.15.0~dfsg/main/manager.c:3822:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hdr[40];
data/asterisk-16.15.0~dfsg/main/manager.c:3873:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char copy[strlen(options) + 1];
data/asterisk-16.15.0~dfsg/main/manager.c:4196:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(ast_str_buffer(filepath), O_CREAT | O_EXCL, AST_FILE_MODE)) != -1) {
data/asterisk-16.15.0~dfsg/main/manager.c:4213:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idText[256];
data/asterisk-16.15.0~dfsg/main/manager.c:4348:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id_text[256];
data/asterisk-16.15.0~dfsg/main/manager.c:4467:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idText[256];
data/asterisk-16.15.0~dfsg/main/manager.c:4616:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char workspace[1024];
data/asterisk-16.15.0~dfsg/main/manager.c:4702:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char valbuf[512], *ret = NULL;
data/asterisk-16.15.0~dfsg/main/manager.c:4788:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id_text[256];
data/asterisk-16.15.0~dfsg/main/manager.c:4880:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(obj->payload, payload, payload_size);
data/asterisk-16.15.0~dfsg/main/manager.c:4975:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/main/manager.c:5170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char feature_code[AST_FEATURE_MAX_LEN];
data/asterisk-16.15.0~dfsg/main/manager.c:5262:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *cmd_words[AST_MAX_CMD_LEN] = { NULL, };
data/asterisk-16.15.0~dfsg/main/manager.c:5313:12:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	if ((fd = mkstemp(template)) < 0) {
data/asterisk-16.15.0~dfsg/main/manager.c:5419:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char requested_channel[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/manager.c:5749:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/main/manager.c:5750:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp2[256];
data/asterisk-16.15.0~dfsg/main/manager.c:5831:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char error_buf[64];
data/asterisk-16.15.0~dfsg/main/manager.c:5978:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hint[256];
data/asterisk-16.15.0~dfsg/main/manager.c:6279:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idText[150];
data/asterisk-16.15.0~dfsg/main/manager.c:6321:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idText[150];
data/asterisk-16.15.0~dfsg/main/manager.c:6322:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char startuptime[150], startupdate[150];
data/asterisk-16.15.0~dfsg/main/manager.c:6323:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char reloadtime[150], reloaddate[150];
data/asterisk-16.15.0~dfsg/main/manager.c:6393:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idText[256];
data/asterisk-16.15.0~dfsg/main/manager.c:6417:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char durbuf[16] = "";
data/asterisk-16.15.0~dfsg/main/manager.c:6480:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idText[256];
data/asterisk-16.15.0~dfsg/main/manager.c:6481:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/manager.c:6710:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[512];
data/asterisk-16.15.0~dfsg/main/manager.c:6860:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char header_buf[sizeof(s->session->inbuf)] = { '\0' };
data/asterisk-16.15.0~dfsg/main/manager.c:7296:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hint[512];
data/asterisk-16.15.0~dfsg/main/manager.c:7647:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/main/manager.c:7669:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(dst, "&lt;");
data/asterisk-16.15.0~dfsg/main/manager.c:7674:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(dst, "&gt;");
data/asterisk-16.15.0~dfsg/main/manager.c:7679:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(dst, "&quot;");
data/asterisk-16.15.0~dfsg/main/manager.c:7684:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(dst, "&apos;");
data/asterisk-16.15.0~dfsg/main/manager.c:7689:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(dst, "&amp;");
data/asterisk-16.15.0~dfsg/main/manager.c:7976:7:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	fd = mkstemp(template);	/* create a temporary file for command output */
data/asterisk-16.15.0~dfsg/main/manager.c:8146:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char resp_hash[256]="";
data/asterisk-16.15.0~dfsg/main/manager.c:8148:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char u_username[80];
data/asterisk-16.15.0~dfsg/main/manager.c:8212:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char a2_hash[33];
data/asterisk-16.15.0~dfsg/main/manager.c:8213:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char resp[256];
data/asterisk-16.15.0~dfsg/main/manager.c:8326:7:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	fd = mkstemp(template);	/* create a temporary file for command output */
data/asterisk-16.15.0~dfsg/main/manager.c:8801:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char syntax_title[64], description_title[64], synopsis_title[64], seealso_title[64], arguments_title[64];
data/asterisk-16.15.0~dfsg/main/manager.c:9159:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char a1[256];
data/asterisk-16.15.0~dfsg/main/manager.c:9160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char a1_hash[256];
data/asterisk-16.15.0~dfsg/main/manager.c:9328:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			newhttptimeout = atoi(val);
data/asterisk-16.15.0~dfsg/main/manager.c:9330:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			int timeout = atoi(var->value);
data/asterisk-16.15.0~dfsg/main/manager.c:9338:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			int limit = atoi(var->value);
data/asterisk-16.15.0~dfsg/main/manager.c:9463:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					int value = atoi(user_writetimeout);
data/asterisk-16.15.0~dfsg/main/manager.c:9545:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				int value = atoi(var->value);
data/asterisk-16.15.0~dfsg/main/manager.c:9553:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char varbuf[256];
data/asterisk-16.15.0~dfsg/main/md5.c:92:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(p, buf, len);
data/asterisk-16.15.0~dfsg/main/md5.c:95:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p, buf, t);
data/asterisk-16.15.0~dfsg/main/md5.c:104:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ctx->in, buf, 64);
data/asterisk-16.15.0~dfsg/main/md5.c:113:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ctx->in, buf, len);
data/asterisk-16.15.0~dfsg/main/md5.c:120:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
data/asterisk-16.15.0~dfsg/main/md5.c:159:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(digest, ctx->buf, 16);
data/asterisk-16.15.0~dfsg/main/media_cache.c:98:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash[41]; /* 40 character SHA1 hash */
data/asterisk-16.15.0~dfsg/main/media_cache.c:163:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char found_ext[32];
data/asterisk-16.15.0~dfsg/main/media_cache.c:164:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char new_path[PATH_MAX + sizeof(found_ext)];
data/asterisk-16.15.0~dfsg/main/media_cache.c:290:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[128];
data/asterisk-16.15.0~dfsg/main/media_cache.c:610:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file_path[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/media_index.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char variant[0];				/*!< The variant this media is available in */
data/asterisk-16.15.0~dfsg/main/media_index.c:73:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(variant->variant, variant_str, str_sz);
data/asterisk-16.15.0~dfsg/main/media_index.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];                    /*!< The file name of the media */
data/asterisk-16.15.0~dfsg/main/media_index.c:122:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(info->name, name, name_sz);
data/asterisk-16.15.0~dfsg/main/media_index.c:151:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char base_dir[0];                       /*!< Base directory for indexing */
data/asterisk-16.15.0~dfsg/main/media_index.c:171:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(index->base_dir, base_dir, base_dir_sz);
data/asterisk-16.15.0~dfsg/main/media_index.c:392:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/main/media_index.c:394:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[2048];
data/asterisk-16.15.0~dfsg/main/media_index.c:406:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen(ast_str_buffer(description_file_path), "r");
data/asterisk-16.15.0~dfsg/main/message.c:1275:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char base64decoded[1301] = { 0, };
data/asterisk-16.15.0~dfsg/main/message.c:1376:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[0];
data/asterisk-16.15.0~dfsg/main/message.c:1471:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dest, msg, msg->length);
data/asterisk-16.15.0~dfsg/main/named_acl.c:110:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[ACL_NAME_LENGTH]; /* Same max length as a configuration category */
data/asterisk-16.15.0~dfsg/main/named_acl.c:209:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			p_value = atoi(p_var->value);
data/asterisk-16.15.0~dfsg/main/named_acl.c:217:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			q_value = atoi(q_var->value);
data/asterisk-16.15.0~dfsg/main/named_locks.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[0];
data/asterisk-16.15.0~dfsg/main/netsock2.c:69:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[NI_MAXHOST];
data/asterisk-16.15.0~dfsg/main/netsock2.c:70:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char port[NI_MAXSERV];
data/asterisk-16.15.0~dfsg/main/netsock2.c:272:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&addr->ss, res->ai_addr, addr->len);
data/asterisk-16.15.0~dfsg/main/netsock2.c:327:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&(*addrs)[i].ss, ai->ai_addr, ai->ai_addrlen);
data/asterisk-16.15.0~dfsg/main/netsock2.c:378:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&result->ss, &result6, sizeof(result6));
data/asterisk-16.15.0~dfsg/main/netsock2.c:692:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&addr->ss, sin, sizeof(*sin));
data/asterisk-16.15.0~dfsg/main/options.c:96:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char record_cache_dir[AST_CACHE_DIR_LEN] = DEFAULT_TMP_DIR;
data/asterisk-16.15.0~dfsg/main/options.c:98:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ast_defaultlanguage[MAX_LANGUAGE] = DEFAULT_LANGUAGE;
data/asterisk-16.15.0~dfsg/main/options.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char config_dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char module_dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:103:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char spool_dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:104:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char monitor_dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:105:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char recording_dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:106:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char var_dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:107:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data_dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:108:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char log_dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:109:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char agi_dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:110:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char run_dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key_dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char config_file[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:114:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char db_path[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:115:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sbin_dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pid_path[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char socket_path[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char run_user[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char run_group[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:120:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char system_name[128];
data/asterisk-16.15.0~dfsg/main/options.c:121:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ctl_perms[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:122:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ctl_owner[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:123:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ctl_group[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ctl_file[PATH_MAX];
data/asterisk-16.15.0~dfsg/main/options.c:211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostname[MAXHOSTNAMELEN] = "";
data/asterisk-16.15.0~dfsg/main/options.c:300:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			option_verbose_new = atoi(v->value);
data/asterisk-16.15.0~dfsg/main/options.c:401:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ast_option_maxfiles = atoi(v->value);
data/asterisk-16.15.0~dfsg/main/pbx.c:257:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/main/pbx.c:269:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char x[1];       /* the pattern itself-- matches a single char */
data/asterisk-16.15.0~dfsg/main/pbx.c:297:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];				/*!< Name of the context */
data/asterisk-16.15.0~dfsg/main/pbx.c:342:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context_name[AST_MAX_CONTEXT];/*!< Context of destroyed hint extension. */
data/asterisk-16.15.0~dfsg/main/pbx.c:343:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten_name[AST_MAX_EXTENSION];/*!< Extension of destroyed hint extension. */
data/asterisk-16.15.0~dfsg/main/pbx.c:376:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hintdevice[1];
data/asterisk-16.15.0~dfsg/main/pbx.c:389:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[1];
data/asterisk-16.15.0~dfsg/main/pbx.c:878:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char dummy_name[1024];
data/asterisk-16.15.0~dfsg/main/pbx.c:1083:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char extenstr[40];
data/asterisk-16.15.0~dfsg/main/pbx.c:1113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char extenstr[40];
data/asterisk-16.15.0~dfsg/main/pbx.c:1456:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/main/pbx.c:1667:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char extenbuf[512];
data/asterisk-16.15.0~dfsg/main/pbx.c:2085:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char left_bitwise[32] = { 0, };
data/asterisk-16.15.0~dfsg/main/pbx.c:2086:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char right_bitwise[32] = { 0, };
data/asterisk-16.15.0~dfsg/main/pbx.c:2440:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[256];
data/asterisk-16.15.0~dfsg/main/pbx.c:2883:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char passdata[EXT_DATA_SIZE];
data/asterisk-16.15.0~dfsg/main/pbx.c:3308:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char match[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/main/pbx.c:3378:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context_name[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/main/pbx.c:3379:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten_name[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/main/pbx.c:3469:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context_name[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/main/pbx.c:3470:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten_name[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/main/pbx.c:4370:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char dst_exten[256];	/* buffer to accumulate digits */
data/asterisk-16.15.0~dfsg/main/pbx.c:4992:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dummy_name[1024];
data/asterisk-16.15.0~dfsg/main/pbx.c:4993:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dummy_cid[1024];
data/asterisk-16.15.0~dfsg/main/pbx.c:5211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[AST_MAX_EXTENSION+AST_MAX_CONTEXT+2];
data/asterisk-16.15.0~dfsg/main/pbx.c:5310:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[AST_MAX_EXTENSION+AST_MAX_CONTEXT+2];
data/asterisk-16.15.0~dfsg/main/pbx.c:5528:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[1024], buf2[1024];
data/asterisk-16.15.0~dfsg/main/pbx.c:5530:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[256], buf2[256];
data/asterisk-16.15.0~dfsg/main/pbx.c:5645:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char ignorepat[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/main/pbx.c:5737:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *incstack[AST_PBX_MAX_STACK];
data/asterisk-16.15.0~dfsg/main/pbx.c:5804:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *incstack[AST_PBX_MAX_STACK];
data/asterisk-16.15.0~dfsg/main/pbx.c:5981:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char ignorepat[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/main/pbx.c:6023:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *incstack[AST_PBX_MAX_STACK];
data/asterisk-16.15.0~dfsg/main/pbx.c:6024:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idtext[256];
data/asterisk-16.15.0~dfsg/main/pbx.c:6042:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char errorbuf[BUFSIZ];
data/asterisk-16.15.0~dfsg/main/pbx.c:6049:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char errorbuf[BUFSIZ];
data/asterisk-16.15.0~dfsg/main/pbx.c:6289:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[0];
data/asterisk-16.15.0~dfsg/main/pbx.c:7340:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char expand_buf[VAR_BUF_SIZE];
data/asterisk-16.15.0~dfsg/main/pbx.c:7342:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dummy_name[1024];
data/asterisk-16.15.0~dfsg/main/pbx.c:7595:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char app[AST_MAX_APP];
data/asterisk-16.15.0~dfsg/main/pbx.c:7599:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/main/pbx.c:7601:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/main/pbx.c:7765:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_cid_name[128];
data/asterisk-16.15.0~dfsg/main/pbx.c:7766:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_cid_num[128];
data/asterisk-16.15.0~dfsg/main/pbx.c:7997:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char failed_reason[12];
data/asterisk-16.15.0~dfsg/main/pbx.c:8170:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char extension[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/main/pbx.c:8171:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char cidmatch[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/main/pbx.c:8296:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *remainder, result[30], timezone[80];
data/asterisk-16.15.0~dfsg/main/pbx.c:8809:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rest[2] = "";
data/asterisk-16.15.0~dfsg/main/pbx_app.c:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];				/*!< Name of the application */
data/asterisk-16.15.0~dfsg/main/pbx_builtins.c:762:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		delay = atoi(data);
data/asterisk-16.15.0~dfsg/main/pbx_builtins.c:1024:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char key[2];
data/asterisk-16.15.0~dfsg/main/pbx_builtins.c:1041:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opts[1] = { NULL };
data/asterisk-16.15.0~dfsg/main/pbx_builtins.c:1118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *parse, exten[2] = "";
data/asterisk-16.15.0~dfsg/main/pbx_builtins.c:1221:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[2] = { 0, };
data/asterisk-16.15.0~dfsg/main/pbx_builtins.c:1264:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/main/pbx_builtins.c:1428:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[VAR_BUF_SIZE];
data/asterisk-16.15.0~dfsg/main/pbx_builtins.c:1460:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[AST_MAX_APP];
data/asterisk-16.15.0~dfsg/main/pbx_functions.c:147:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char infotitle[64 + AST_MAX_APP + 22], syntitle[40], destitle[40], argtitle[40], seealsotitle[40];
data/asterisk-16.15.0~dfsg/main/pbx_functions.c:148:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char info[64 + AST_MAX_APP], *synopsis = NULL, *description = NULL, *seealso = NULL;
data/asterisk-16.15.0~dfsg/main/pbx_functions.c:149:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stxtitle[40], *syntax = NULL, *arguments = NULL;
data/asterisk-16.15.0~dfsg/main/pbx_ignorepat.c:39:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char pattern[0];
data/asterisk-16.15.0~dfsg/main/pbx_include.c:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/main/pbx_sw.c:45:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/main/pbx_variables.c:255:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char workspace[20];
data/asterisk-16.15.0~dfsg/main/pbx_variables.c:629:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ltmp[VAR_BUF_SIZE];
data/asterisk-16.15.0~dfsg/main/pbx_variables.c:630:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char var[VAR_BUF_SIZE];
data/asterisk-16.15.0~dfsg/main/pbx_variables.c:675:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(cp2, whereweare, pos);
data/asterisk-16.15.0~dfsg/main/pbx_variables.c:688:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char workspace[VAR_BUF_SIZE] = "";
data/asterisk-16.15.0~dfsg/main/pbx_variables.c:768:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(cp2, cp4, length);
data/asterisk-16.15.0~dfsg/main/plc.c:75:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		 memcpy(s->history, buf + len - PLC_HISTORY_LEN, sizeof(int16_t) * PLC_HISTORY_LEN);
data/asterisk-16.15.0~dfsg/main/plc.c:81:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(s->history + s->buf_ptr, buf, sizeof(int16_t) * (PLC_HISTORY_LEN - s->buf_ptr));
data/asterisk-16.15.0~dfsg/main/plc.c:83:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(s->history, buf + (PLC_HISTORY_LEN - s->buf_ptr), sizeof(int16_t)*len);
data/asterisk-16.15.0~dfsg/main/plc.c:88:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(s->history + s->buf_ptr, buf, sizeof(int16_t)*len);
data/asterisk-16.15.0~dfsg/main/plc.c:100:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp, s->history, sizeof(int16_t)*s->buf_ptr);
data/asterisk-16.15.0~dfsg/main/plc.c:102:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(s->history + PLC_HISTORY_LEN - s->buf_ptr, tmp, sizeof(int16_t) * s->buf_ptr);
data/asterisk-16.15.0~dfsg/main/presencestate.c:95:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char label[40];
data/asterisk-16.15.0~dfsg/main/presencestate.c:355:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/main/presencestate.c:418:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char provider[80];
data/asterisk-16.15.0~dfsg/main/privacy.c:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256] = "";
data/asterisk-16.15.0~dfsg/main/privacy.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[256], result[256];
data/asterisk-16.15.0~dfsg/main/privacy.c:84:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256] = "";
data/asterisk-16.15.0~dfsg/main/privacy.c:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[256];
data/asterisk-16.15.0~dfsg/main/rtp_engine.c:219:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char channel_uniqueid[AST_MAX_UNIQUEID];
data/asterisk-16.15.0~dfsg/main/rtp_engine.c:235:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const rtp_extension_uris[AST_RTP_EXTENSION_MAX] = {
data/asterisk-16.15.0~dfsg/main/rtp_engine.c:255:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char type[16];
data/asterisk-16.15.0~dfsg/main/rtp_engine.c:257:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subtype[64];
data/asterisk-16.15.0~dfsg/main/rtp_engine.c:2502:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char quality_buf[AST_MAX_USER_FIELD];
data/asterisk-16.15.0~dfsg/main/rtp_engine.c:3404:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char str_lsr[32];
data/asterisk-16.15.0~dfsg/main/rtp_engine.c:3423:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char sec[32];
data/asterisk-16.15.0~dfsg/main/rtp_engine.c:3424:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char usec[32];
data/asterisk-16.15.0~dfsg/main/say.c:65:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fnbuf[10], asciibuf[20] = "letters/ascii";
data/asterisk-16.15.0~dfsg/main/say.c:118:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(fnbuf, "digits/X");
data/asterisk-16.15.0~dfsg/main/say.c:146:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(fnbuf, "uppercase");
data/asterisk-16.15.0~dfsg/main/say.c:148:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(fnbuf, "lowercase");
data/asterisk-16.15.0~dfsg/main/say.c:150:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(fnbuf, "letters/X");
data/asterisk-16.15.0~dfsg/main/say.c:178:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fnbuf[256];
data/asterisk-16.15.0~dfsg/main/say.c:228:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(fnbuf, "digits/X");
data/asterisk-16.15.0~dfsg/main/say.c:235:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(fnbuf, "phonetic/X_p");
data/asterisk-16.15.0~dfsg/main/say.c:258:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fnbuf[256];
data/asterisk-16.15.0~dfsg/main/say.c:284:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(fnbuf, "digits/X");
data/asterisk-16.15.0~dfsg/main/say.c:569:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:663:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:763:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:875:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:876:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fna[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:1010:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:1089:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:1194:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:1287:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[SAY_NUM_BUF_SIZE] = "";
data/asterisk-16.15.0~dfsg/main/say.c:1456:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:1538:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:1657:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:1812:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:1911:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:1989:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *cyfry[10];
data/asterisk-16.15.0~dfsg/main/say.c:1990:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *cyfry2[10];
data/asterisk-16.15.0~dfsg/main/say.c:1991:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *setki[10];
data/asterisk-16.15.0~dfsg/main/say.c:1992:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *dziesiatki[10];
data/asterisk-16.15.0~dfsg/main/say.c:1993:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *nastki[10];
data/asterisk-16.15.0~dfsg/main/say.c:1994:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *rzedy[3][3];
data/asterisk-16.15.0~dfsg/main/say.c:2019:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file_name[255] = "digits/";
data/asterisk-16.15.0~dfsg/main/say.c:2086:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[10];
data/asterisk-16.15.0~dfsg/main/say.c:2233:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(odmiana_nieosobowa->cyfry2, nijaki_cyfry2, sizeof(odmiana_nieosobowa->cyfry));
data/asterisk-16.15.0~dfsg/main/say.c:2246:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(odmiana_zenska->cyfry2, zenski_cyfry2, sizeof(odmiana_zenska->cyfry));
data/asterisk-16.15.0~dfsg/main/say.c:2259:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(odmiana_meska->cyfry2, meski_cyfry2, sizeof(odmiana_meska->cyfry));
data/asterisk-16.15.0~dfsg/main/say.c:2293:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:2392:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:2475:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[20] = "";
data/asterisk-16.15.0~dfsg/main/say.c:2476:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:2585:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:2671:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:2750:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:2824:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:2937:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:3034:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:3055:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "", fna[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:3218:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "", fna[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:3379:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:3469:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "", fna[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:3685:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:3714:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:3763:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:3813:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:3845:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:3874:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:3903:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:3939:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:3966:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:4000:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:4102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:4349:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:4551:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:4754:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:4966:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:5157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:5298:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:5489:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:5685:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:5917:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:6122:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:6339:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:6631:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:7278:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:7374:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:7434:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:7515:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:7558:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:7618:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:7711:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:7749:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:7787:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:7837:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:7878:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:7922:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:7992:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256] = "";
data/asterisk-16.15.0~dfsg/main/say.c:8068:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:8103:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:8242:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:8275:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:8343:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:8515:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:8783:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sndfile[256], nextmsg[256];
data/asterisk-16.15.0~dfsg/main/say.c:9016:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/main/say.c:9156:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[512] = "";
data/asterisk-16.15.0~dfsg/main/say.c:9173:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(new_string, "digits/");
data/asterisk-16.15.0~dfsg/main/say.c:9235:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/say.c:9334:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/main/serializer.c:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tps_name[AST_TASKPROCESSOR_MAX_NAME + 1];
data/asterisk-16.15.0~dfsg/main/slinfactory.c:156:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(offset, sf->offset, sf->holdlen * sizeof(*offset));
data/asterisk-16.15.0~dfsg/main/slinfactory.c:163:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(offset, sf->offset, ineed * sizeof(*offset));
data/asterisk-16.15.0~dfsg/main/slinfactory.c:175:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(offset, frame_data, frame_ptr->samples * sizeof(*offset));
data/asterisk-16.15.0~dfsg/main/slinfactory.c:180:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(offset, frame_data, ineed * sizeof(*offset));
data/asterisk-16.15.0~dfsg/main/slinfactory.c:186:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(sf->hold, frame_data, remain * sizeof(*offset));
data/asterisk-16.15.0~dfsg/main/smoother.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[SMOOTHER_SIZE];
data/asterisk-16.15.0~dfsg/main/smoother.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char framedata[SMOOTHER_SIZE + AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/main/smoother.c:68:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(s->data + s->len, f->data.ptr, f->datalen);
data/asterisk-16.15.0~dfsg/main/smoother.c:203:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(s->f.data.ptr, s->data, len);
data/asterisk-16.15.0~dfsg/main/sorcery.c:47:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#undef open
data/asterisk-16.15.0~dfsg/main/sorcery.c:120:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char wizard_args[0];
data/asterisk-16.15.0~dfsg/main/sorcery.c:132:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char type[MAX_OBJECT_TYPE];
data/asterisk-16.15.0~dfsg/main/sorcery.c:147:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[MAX_OBJECT_TYPE];
data/asterisk-16.15.0~dfsg/main/sorcery.c:204:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[MAX_OBJECT_FIELD];
data/asterisk-16.15.0~dfsg/main/sorcery.c:223:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char module_name[0];
data/asterisk-16.15.0~dfsg/main/sorcery.c:701:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tps_name[AST_TASKPROCESSOR_MAX_NAME + 1];
data/asterisk-16.15.0~dfsg/main/sorcery.c:919:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (internal_wizard->callbacks.open && !(object_wizard->data = internal_wizard->callbacks.open(wizard_args))) {
data/asterisk-16.15.0~dfsg/main/sorcery.c:919:92:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (internal_wizard->callbacks.open && !(object_wizard->data = internal_wizard->callbacks.open(wizard_args))) {
data/asterisk-16.15.0~dfsg/main/sorcery.c:1752:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char uuid[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/main/srv.c:62:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[1];
data/asterisk-16.15.0~dfsg/main/srv.c:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char repl[256] = "";
data/asterisk-16.15.0~dfsg/main/stasis.c:363:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/main/stasis.c:402:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[0];
data/asterisk-16.15.0~dfsg/main/stasis.c:672:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uniqueid[0];
data/asterisk-16.15.0~dfsg/main/stasis.c:893:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tps_name[AST_TASKPROCESSOR_MAX_NAME + 1];
data/asterisk-16.15.0~dfsg/main/stasis.c:1708:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/main/stasis.c:2416:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char print_time[32];
data/asterisk-16.15.0~dfsg/main/stasis_channels.c:533:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char role[0];							/*!< The role assigned to the channel */
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    name[TZ_STRLEN_MAX + 1];
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:168:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char	types[TZ_MAX_TIMES];
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		chars[BIGGEST(BIGGEST(TZ_MAX_CHARS + 1, sizeof gmt),
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:245:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:335:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char name[FILENAME_MAX + 1];
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:436:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char fullpath[FILENAME_MAX + 1] = "";
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:575:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char   watchdir[PATH_MAX + 1] = "";
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:625:73:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (readlink(path, watchdir, sizeof(watchdir) - 1) != -1 && (sp->fds = open(path, O_RDONLY | O_SYMLINK
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:679:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((sp->fd = open(path, O_RDONLY
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:715:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fullname[FILENAME_MAX + 1];
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:862:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[2 * sizeof(struct tzhead) +
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:878:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fullname[FILENAME_MAX + 1];
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:900:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fid = open(name, OPEN_MODE)) == -1)
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:2403:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char name[6];
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:2498:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				fptr += sprintf(fptr, "%0*ld", decimals, fraction);
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:2542:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tm, &tm2, sizeof(tm2));
data/asterisk-16.15.0~dfsg/main/stdtime/test.c:11:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*zone[4] = { "America/New_York", "America/Chicago", "America/Denver", "America/Los_Angeles" };
data/asterisk-16.15.0~dfsg/main/stdtime/tzfile.h:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_magic[4];		/* TZ_MAGIC */
data/asterisk-16.15.0~dfsg/main/stdtime/tzfile.h:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_version[1];		/* '\0' or '2' as of 2005 */
data/asterisk-16.15.0~dfsg/main/stdtime/tzfile.h:57:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_reserved[15];	/* reserved--must be zero */
data/asterisk-16.15.0~dfsg/main/stdtime/tzfile.h:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_ttisgmtcnt[4];	/* coded number of trans. time flags */
data/asterisk-16.15.0~dfsg/main/stdtime/tzfile.h:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_ttisstdcnt[4];	/* coded number of trans. time flags */
data/asterisk-16.15.0~dfsg/main/stdtime/tzfile.h:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_leapcnt[4];		/* coded number of leap seconds */
data/asterisk-16.15.0~dfsg/main/stdtime/tzfile.h:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_timecnt[4];		/* coded number of transition times */
data/asterisk-16.15.0~dfsg/main/stdtime/tzfile.h:62:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_typecnt[4];		/* coded number of local time types */
data/asterisk-16.15.0~dfsg/main/stdtime/tzfile.h:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_charcnt[4];		/* coded number of abbr. chars */
data/asterisk-16.15.0~dfsg/main/strcompat.c:155:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	return memcpy(new, s, len);
data/asterisk-16.15.0~dfsg/main/strcompat.c:336:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((LOADAVG = fopen("/proc/loadavg", "r"))) {
data/asterisk-16.15.0~dfsg/main/strcompat.c:370:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char c[8];
data/asterisk-16.15.0~dfsg/main/strcompat.c:396:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char c[8];
data/asterisk-16.15.0~dfsg/main/strcompat.c:561:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			fd = open(path, O_CREAT | O_EXCL | O_RDWR, S_IRUSR | S_IWUSR);
data/asterisk-16.15.0~dfsg/main/stream.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name_value[0];
data/asterisk-16.15.0~dfsg/main/stream.c:86:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/main/stream.c:147:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new_stream, stream, sizeof(*new_stream));
data/asterisk-16.15.0~dfsg/main/stringfields.c:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char string[1];
data/asterisk-16.15.0~dfsg/main/stun.c:75:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char ies[0];
data/asterisk-16.15.0~dfsg/main/stun.c:81:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char value[0];
data/asterisk-16.15.0~dfsg/main/stun.c:211:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((*attr)->value, s, str_length);
data/asterisk-16.15.0~dfsg/main/stun.c:331:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char respdata[1024];
data/asterisk-16.15.0~dfsg/main/stun.c:335:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char combined[33];
data/asterisk-16.15.0~dfsg/main/stun.c:389:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char req_buf[1024];
data/asterisk-16.15.0~dfsg/main/stun.c:390:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char rsp_buf[1024];
data/asterisk-16.15.0~dfsg/main/taskprocessor.c:97:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/main/taskprocessor.c:125:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subsystem[0];
data/asterisk-16.15.0~dfsg/main/tcptls.c:366:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cert_file + cert_file_len - 8, key_type_extension, 5);
data/asterisk-16.15.0~dfsg/main/tcptls.c:692:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char hash[41];
data/asterisk-16.15.0~dfsg/main/tcptls.c:704:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(desc->tls_cfg->certhash, hash, 41);
data/asterisk-16.15.0~dfsg/main/tcptls.c:712:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(desc->tls_cfg->pvthash, hash, 41);
data/asterisk-16.15.0~dfsg/main/tcptls.c:720:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(desc->tls_cfg->cahash, hash, 41);
data/asterisk-16.15.0~dfsg/main/tcptls.c:826:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(desc->old_tls_cfg->certhash, desc->tls_cfg->certhash, 41);
data/asterisk-16.15.0~dfsg/main/tcptls.c:827:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(desc->old_tls_cfg->pvthash, desc->tls_cfg->pvthash, 41);
data/asterisk-16.15.0~dfsg/main/tcptls.c:828:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(desc->old_tls_cfg->cahash, desc->tls_cfg->cahash, 41);
data/asterisk-16.15.0~dfsg/main/tdd.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rawdata[256];
data/asterisk-16.15.0~dfsg/main/tdd.c:66:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char ltrs[32] = { '<','E','\n','A',' ','S','I','U',
data/asterisk-16.15.0~dfsg/main/tdd.c:70:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char figs[32] = { '<','3','\n','-',' ','\'','8','7',
data/asterisk-16.15.0~dfsg/main/tdd.c:154:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(outbuf + pos, ecdisa, cnt);
data/asterisk-16.15.0~dfsg/main/tdd.c:174:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, tdd->oldstuff, tdd->oldlen);
data/asterisk-16.15.0~dfsg/main/tdd.c:204:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tdd->oldstuff, buf, mylen * 2);
data/asterisk-16.15.0~dfsg/main/tdd.c:303:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static unsigned char lstr[31] = "\000E\nA SIU\rDRJNFCKTZLWHYPQOBG\000MXV";
data/asterisk-16.15.0~dfsg/main/tdd.c:305:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static unsigned char fstr[31] = "\0003\n- \00787\r$4',!:(5\")2\0006019?+\000./;";
data/asterisk-16.15.0~dfsg/main/term.c:45:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char enddata[80] = "";
data/asterisk-16.15.0~dfsg/main/term.c:46:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char quitdata[80] = "";
data/asterisk-16.15.0~dfsg/main/term.c:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[AST_TERM_MAX_ROTATING_BUFFERS][AST_TERM_MAX_ESCAPE_CHARS];
data/asterisk-16.15.0~dfsg/main/term.c:95:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char termfile[256] = "";
data/asterisk-16.15.0~dfsg/main/term.c:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[512] = "";
data/asterisk-16.15.0~dfsg/main/term.c:118:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		termfd = open(termfile, O_RDONLY);
data/asterisk-16.15.0~dfsg/main/test.c:384:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char result_buf[32] = { 0 };
data/asterisk-16.15.0~dfsg/main/test.c:514:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (!(f_xml = fopen(xml_path, "w"))) {
data/asterisk-16.15.0~dfsg/main/test.c:521:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (!(f_txt = fopen(txt_path, "w"))) {
data/asterisk-16.15.0~dfsg/main/test.c:924:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char result_buf[32] = { 0 };
data/asterisk-16.15.0~dfsg/main/translate.c:234:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tmp_table, __indextable, sizeof(unsigned int) * old_index);
data/asterisk-16.15.0~dfsg/main/translate.c:965:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int time = a->argv[4] ? atoi(a->argv[4]) : 1;
data/asterisk-16.15.0~dfsg/main/translate.c:1112:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char src_buffer[64];
data/asterisk-16.15.0~dfsg/main/translate.c:1113:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char dst_buffer[64];
data/asterisk-16.15.0~dfsg/main/translate.c:1217:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80];
data/asterisk-16.15.0~dfsg/main/translate.c:1329:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80];
data/asterisk-16.15.0~dfsg/main/udptl.c:160:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char rawdata[8192 + AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/main/udptl.c:370:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&buf[*len], &data[octet_idx], enclen);
data/asterisk-16.15.0~dfsg/main/udptl.c:502:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(s->rx[x].buf, ifp, ifp_len);
data/asterisk-16.15.0~dfsg/main/udptl.c:534:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(s->rx[x].fec[i], data, s->rx[x].fec_len[i]);
data/asterisk-16.15.0~dfsg/main/udptl.c:643:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(s->tx[entry].buf, ifp, ifp_len);
data/asterisk-16.15.0~dfsg/main/ulaw.c:49:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char __ast_lin2mu[16384];
data/asterisk-16.15.0~dfsg/main/ulaw.c:97:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char __ast_lin2mu[AST_ULAW_TAB_SIZE];
data/asterisk-16.15.0~dfsg/main/uri.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[0];
data/asterisk-16.15.0~dfsg/main/uri.c:313:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, ast_uri_host(uri), host_size);
data/asterisk-16.15.0~dfsg/main/uri.c:317:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(res + host_size + 1,
data/asterisk-16.15.0~dfsg/main/utf8.c:282:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dst[dst_len];
data/asterisk-16.15.0~dfsg/main/utils.c:73:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char base64[64];
data/asterisk-16.15.0~dfsg/main/utils.c:74:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char b2a[256];
data/asterisk-16.15.0~dfsg/main/utils.c:154:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(pbuf, *p, ph->h_length); /* copy address bytes */
data/asterisk-16.15.0~dfsg/main/utils.c:244:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char digest[16];
data/asterisk-16.15.0~dfsg/main/utils.c:253:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		ptr += sprintf(ptr, "%02hhx", digest[x]);
data/asterisk-16.15.0~dfsg/main/utils.c:271:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		ptr += sprintf(ptr, "%02hhx", Message_Digest[x]);
data/asterisk-16.15.0~dfsg/main/utils.c:472:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			out += sprintf(out, "%%%02hhX", (unsigned char) *ptr);
data/asterisk-16.15.0~dfsg/main/utils.c:521:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			out += sprintf(out, "\\%c", (unsigned char) *ptr);
data/asterisk-16.15.0~dfsg/main/utils.c:551:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(out, "\\;");
data/asterisk-16.15.0~dfsg/main/utils.c:1533:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stack[8];
data/asterisk-16.15.0~dfsg/main/utils.c:2242:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	dev_urandom_fd = open("/dev/urandom", O_RDONLY);
data/asterisk-16.15.0~dfsg/main/utils.c:2468:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(s, "%02hhx:", eid->eid[x]);
data/asterisk-16.15.0~dfsg/main/utils.c:2471:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(s, "%02hhx", eid->eid[5]);
data/asterisk-16.15.0~dfsg/main/utils.c:2487:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/main/utils.c:2488:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char empty_mac[6] = {0, 0, 0, 0, 0, 0};
data/asterisk-16.15.0~dfsg/main/utils.c:2489:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char full_mac[6]  = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
data/asterisk-16.15.0~dfsg/main/utils.c:2516:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(eid, ap, sizeof(*eid));
data/asterisk-16.15.0~dfsg/main/utils.c:2544:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/main/utils.c:2546:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char empty_mac[6] = {0, 0, 0, 0, 0, 0};
data/asterisk-16.15.0~dfsg/main/utils.c:2547:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char full_mac[6]  = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
data/asterisk-16.15.0~dfsg/main/utils.c:2602:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(eid, p, sizeof(*eid));
data/asterisk-16.15.0~dfsg/main/utils.c:2628:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/main/utils.c:2630:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char empty_mac[6] = {0, 0, 0, 0, 0, 0};
data/asterisk-16.15.0~dfsg/main/utils.c:2631:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char full_mac[6]  = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
data/asterisk-16.15.0~dfsg/main/utils.c:2678:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(eid, hwaddr, sizeof(*eid));
data/asterisk-16.15.0~dfsg/main/utils.c:2734:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int fd = open(filename, O_RDONLY |  O_NONBLOCK);
data/asterisk-16.15.0~dfsg/main/uuid.c:216:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	dev_urandom_fd = open("/dev/urandom", O_RDONLY);
data/asterisk-16.15.0~dfsg/main/xmldoc.c:51:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char documentation_language[6];
data/asterisk-16.15.0~dfsg/main/xmldoc.c:179:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *ret, postbr[160];
data/asterisk-16.15.0~dfsg/main/xmldoc.c:302:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buf[len + 1];
data/asterisk-16.15.0~dfsg/main/xmldoc.c:2846:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f = fopen(a->argv[2], "w"))) {
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:99:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[32];
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:121:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(debug = fopen("menuselect_debug.txt", "w"))) {
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:815:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[80];
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:819:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f = fopen(MENUSELECT_DEPS, "r"))) {
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1340:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f = fopen(infile, "r"))) {
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1411:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f = fopen(output_makedeps, "w"))) {
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1504:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f = fopen(output_makeopts, "w"))) {
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1592:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char rmcommand[256] = "rm -rf ";
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1593:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char touchcommand[256] = "touch -c ";
data/asterisk-16.15.0~dfsg/menuselect/menuselect.h:177:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy (__new, __old, __len);                             \
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:126:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		waddstr(win, (char *) help_info[i]);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:178:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64];
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:198:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64];
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:221:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[maxlen + 1];
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:248:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buf, "Depends on: ");
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:259:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buf, "Can use: ");
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:270:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buf, "Conflicts with: ");
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:285:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buf2[64];
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:299:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64];
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:499:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char titlebar[strlen(menu_name) + 9];
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:142:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cat_num = atoi(cat_num_str);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:143:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	mem_num = atoi(mem_num_str);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:296:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char name_buf[64];
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:297:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char dep_buf[64] = "";
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:298:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char use_buf[64] = "";
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:299:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char cnf_buf[64] = "";
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:112:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[128] = { 0 };
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:178:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf2[64];
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:194:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64];
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:237:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64];
data/asterisk-16.15.0~dfsg/menuselect/strcompat.c:151:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	return memcpy(new, s, len);
data/asterisk-16.15.0~dfsg/menuselect/strcompat.c:218:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((LOADAVG = fopen("/proc/loadavg", "r"))) {
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:63:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(s, "%02hhX", (unsigned char)eid->eid[x]);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:126:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buf, "NONE|");
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:133:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp2[256];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp3[256];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:148:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp3, hint->data, datalen);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:167:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp2[256];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:184:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp2, cause->desc, datalen);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:279:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buf, "NONE|");
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:287:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char proto[40];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:288:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char flags[40];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:289:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[40];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:290:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[512]="";
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:304:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp, answer->data, datalen);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:317:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char iv[33];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:322:52:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			snprintf(iv + (x << 1), 3, "%02hhx", ((unsigned char *)value)[x]);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:334:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(output, "[ ");
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:389:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char interp[1024];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:390:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[1051];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:415:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
						strcpy(interp, "Present");
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:455:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char class2[20];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:457:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subclass2[20];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:459:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:486:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:494:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ied->buf + ied->pos, data, datalen);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:501:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:512:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ied->buf + ied->pos, data, datalen-1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:520:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:530:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ied->buf + ied->pos, &flags, sizeof(flags));
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:533:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ied->buf + ied->pos, data, datalen-2);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:541:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:550:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ied->buf + ied->pos, iv, 16);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:553:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ied->buf + ied->pos, data, datalen-16);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:561:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:576:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ied->buf + ied->pos, &myw, 2);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:579:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ied->buf + ied->pos, &myw, 2);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:581:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ied->buf + ied->pos, data, datalen-11);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:640:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.h:56:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[8192];
data/asterisk-16.15.0~dfsg/pbx/pbx_ael.c:128:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256], *data = ast_strdupa(vdata);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:98:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char userscontext[AST_MAX_EXTENSION] = "default";
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:456:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			removing_priority = atoi(a->argv[4]);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:646:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buffer[10];
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:811:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[256], overrideswitch[256] = "";
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:883:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(output = fopen(filename, "wt"))) {
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:908:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char escaped[escaped_len];
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:969:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char label[128] = "";
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:973:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char escaped[escaped_len];
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1680:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char realvalue[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1682:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char realvalue[8192];
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1691:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lastextension[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1748:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char realext[256] = "";
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1875:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
						ipri += atoi(plus);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1983:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1984:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char iface[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1985:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dahdicopy[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1986:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *ext, altcopy[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:201:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dept[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:202:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char org[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:203:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char locality[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:204:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char stateprov[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:205:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char country[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:206:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char email[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:207:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char phone[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:208:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char secretpath[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:209:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cursecret[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:210:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ipaddr[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:218:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:228:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char data[0];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:233:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char number[0];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:274:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dcontext[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:275:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char number[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:292:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dcontext[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:293:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lcontext[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:299:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[512];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:309:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char inkey[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:310:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char outkey[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:316:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char txenckey[256];           /*!< Transmitted encrypted key + sig */
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:317:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char rxenckey[256];           /*!< Cache received encrypted key + sig */
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:327:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *lookups[DUNDI_TIMING_HISTORY];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:547:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char called_context[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:548:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char called_number[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:556:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fluffy[0];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:561:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:636:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char tmp[AST_MAX_EXTENSION + 1] = "";
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:663:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:726:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:760:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:815:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:867:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key1[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:868:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key2[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:869:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eidpeer_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:870:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eidroot_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:871:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:902:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key1[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:903:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key2[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:904:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[1024];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:905:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eidpeer_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:906:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eidroot_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1172:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[1024];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1179:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fs[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1245:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eidroot_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1249:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str_full[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1250:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256]="";
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1252:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[sizeof(eid_str) + sizeof(tmp) + sizeof(req->dcontext) + sizeof(eidroot_str) + sizeof("hint////r")];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1324:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1336:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char key[16];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1338:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1375:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char curblock[16];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1391:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char lastblock[16];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1436:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char iv[16];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1487:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pack->h->ies, ied.buf, ied.pos);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1494:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char dst[128];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1497:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1537:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(peer->rxenckey, newkey, 128);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1538:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(peer->rxenckey + 128, newsig, 128);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1608:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1609:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str2[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1619:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bufcpy, hdr->ies, datalen);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1722:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char data[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1968:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				unsigned char decoded[MAX_PACKET_SIZE];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2088:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[MAX_PACKET_SIZE];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2112:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char tmp[16];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2127:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[350];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2179:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oldsecret[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2265:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2266:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char number[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2422:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2459:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2460:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fs[80] = "";
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2515:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2553:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2626:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2703:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char avgms[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2704:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2734:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char status[64];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2736:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char srch[2000];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2744:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(status, "UNREACHABLE");
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2756:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(status, "UNKNOWN");
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2760:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(status, "Unmonitored");
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2766:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(avgms, "Unavail");
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2829:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2855:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eidstr[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2888:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fs[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2889:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char weight[8];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2963:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char src_eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2966:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fs[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3058:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char src_eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3313:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3335:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(pack->h->ies, ied->buf, ied->pos);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3383:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3646:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3647:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str2[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3707:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3762:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3818:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			acrc32 ^= crc32(0L, (unsigned char *)avoid[x], sizeof(dundi_eid));
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3835:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4459:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *t, *fields[MAX_OPTS];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4535:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4536:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str2[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4590:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4593:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4633:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4666:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			port = atoi(v->value);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4837:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char req[1024];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4917:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hn[MAXHOSTNAMELEN];
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4948:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bind_addr[80]={0,};
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4949:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bind_addr2[80]={0,};
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4972:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			port = atoi(v->value);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:5045:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(bind_addr, "0.0.0.0:%d", port);
data/asterisk-16.15.0~dfsg/pbx/pbx_loopback.c:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024]; \
data/asterisk-16.15.0~dfsg/pbx/pbx_loopback.c:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_lua.c:191:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80], tmp2[80], tmp3[LUA_EXT_DATA_SIZE];
data/asterisk-16.15.0~dfsg/pbx/pbx_lua.c:1099:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f = fopen(path, "r"))) {
data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[2];
data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pri[20];
data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c:172:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rexten[AST_MAX_EXTENSION + 20]="";
data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c:238:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c:330:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char appdata[512];
data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c:331:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char tmp1[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c:332:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char tmp2[80];
data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c:333:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char tmp3[EXT_DATA_SIZE];
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:74:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char qdir[255];
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:75:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char qdonedir[255];
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:106:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:227:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char cid_name[80] = {0}, cid_num[80] = {0};
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:298:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[LINE_BUFFER_SIZE];
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:346:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((f = fopen(o->fn, "a"))) {
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:366:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newfn[256];
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:423:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((f = fopen(newfn, "a"))) {
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:494:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen(o->fn, "r");
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:700:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[8192] __attribute__((aligned (sizeof(int))));
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:852:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:1350:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:2102:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:858:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pbcstack[400];	/* XXX missing size checks */
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:867:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pbcstack2[400];	/* XXX missing size checks */
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:876:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pbcstack3[400];	/* XXX missing size checks */
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1965:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char fnamebuf[1024],*p1,*p2;
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1981:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		   char fnamebuf2[1024];
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:2018:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char fnamebuf[2048];
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:3378:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fin = fopen(filename,"r");
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:3420:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fnamebuf[2048];
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:3452:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		in1 = fopen( fnamebuf2, "r" );
data/asterisk-16.15.0~dfsg/res/ael/pval.c:60:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char expr_output[2096];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:384:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fin = fopen(fname,"w");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:704:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char reg1[2000];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:776:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char errmess[500];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:1347:75:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					pbx_find_extension(NULL, NULL, &pfiq, first->u1.str, second->u1.str, atoi(third->u1.str),
data/asterisk-16.15.0~dfsg/res/ael/pval.c:1348:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
											atoi(third->u1.str) ? NULL : third->u1.str, NULL,
data/asterisk-16.15.0~dfsg/res/ael/pval.c:1349:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
											atoi(third->u1.str) ? E_MATCH : E_FINDLABEL);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2366:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char errmsg[4096];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2434:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char namebuf2[256];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2457:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char namebuf2[256];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2959:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(p2, "${~~EXTEN~~}");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2969:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(p2, "${~~EXTEN~~:");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3523:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(buf2,"$[");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3568:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
				strcat(buf2,"$[");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3768:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char buf[2000];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3841:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char buf[2000];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3943:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char buf[2000];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4169:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buf[2000];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4217:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char realext[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4235:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char app[2000];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4236:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char appargs[2000];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4261:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(app,"Goto");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4271:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(app,"GotoIf");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4276:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(app,"GotoIf");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4284:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(app,"Random");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4289:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(app,"GotoIfTime");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4294:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(app,"Return");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4370:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buf1[500];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4417:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[2000];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4430:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buf2[2000];
data/asterisk-16.15.0~dfsg/res/ael/pval.c:4624:14:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
				int fd = mkstemp(h_context_template);
data/asterisk-16.15.0~dfsg/res/ari/internal.h:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char auth_realm[ARI_AUTH_REALM_LEN];
data/asterisk-16.15.0~dfsg/res/ari/internal.h:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char password[ARI_PASSWORD_LEN];
data/asterisk-16.15.0~dfsg/res/ari/resource_asterisk.c:340:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char eid_str[128];
data/asterisk-16.15.0~dfsg/res/ari/resource_asterisk.c:639:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid[20];
data/asterisk-16.15.0~dfsg/res/ari/resource_bridges.c:284:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bridge_id[0];
data/asterisk-16.15.0~dfsg/res/ari/resource_channels.c:999:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/res/ari/resource_channels.c:1001:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/res/ari/resource_channels.c:1005:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char appdata[0];
data/asterisk-16.15.0~dfsg/res/ari/resource_endpoints.c:282:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg_to[128];
data/asterisk-16.15.0~dfsg/res/ari/resource_recordings.c:108:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static const char *format_type_names[AST_MEDIA_TYPE_TEXT + 1] = {
data/asterisk-16.15.0~dfsg/res/ari/resource_recordings.c:132:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	response->fd = open(stasis_app_stored_recording_get_filename(recording), O_RDONLY);
data/asterisk-16.15.0~dfsg/res/parking/parking_applications.c:293:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char *opts[OPT_ARG_ARRAY_SIZE] = { NULL, };
data/asterisk-16.15.0~dfsg/res/parking/parking_applications.c:806:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[13];
data/asterisk-16.15.0~dfsg/res/parking/parking_bridge.c:308:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char saynum_buf[16];
data/asterisk-16.15.0~dfsg/res/parking/parking_bridge_features.c:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char parker_uuid[0];
data/asterisk-16.15.0~dfsg/res/parking/parking_bridge_features.c:109:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char saynum_buf[16];
data/asterisk-16.15.0~dfsg/res/parking/parking_bridge_features.c:246:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char destination[AST_MAX_EXTENSION + AST_MAX_CONTEXT + 1];
data/asterisk-16.15.0~dfsg/res/parking/parking_bridge_features.c:544:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char features[5];
data/asterisk-16.15.0~dfsg/res/parking/parking_bridge_features.c:582:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char parking_space[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/res/parking/parking_bridge_features.c:584:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char returnexten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/res/parking/parking_manager.c:376:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id_text[256];
data/asterisk-16.15.0~dfsg/res/parking/parking_manager.c:424:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id_text[256];
data/asterisk-16.15.0~dfsg/res/parking/parking_manager.c:526:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZ];
data/asterisk-16.15.0~dfsg/res/parking/parking_tests.c:476:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char search_buffer[4];
data/asterisk-16.15.0~dfsg/res/parking/parking_tests.c:498:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(search_buffer, "%d", extens);
data/asterisk-16.15.0~dfsg/res/parking/res_parking.h:110:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char comeback[AST_MAX_CONTEXT];           /*!< Where to go on parking timeout */
data/asterisk-16.15.0~dfsg/res/res_adsi.c:65:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char intro[ADSI_MAX_INTRO][20];
data/asterisk-16.15.0~dfsg/res/res_adsi.c:69:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char speeddial[ADSI_MAX_SPEED_DIAL][3][SPEEDDIAL_MAX_LEN];
data/asterisk-16.15.0~dfsg/res/res_adsi.c:232:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[24000 * 5];
data/asterisk-16.15.0~dfsg/res/res_adsi.c:234:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ack[3];
data/asterisk-16.15.0~dfsg/res/res_adsi.c:332:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ast_debug(1, "Acked up to message %d\n", atoi(ack + 1)); start += atoi(ack + 1);
data/asterisk-16.15.0~dfsg/res/res_adsi.c:332:70:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ast_debug(1, "Acked up to message %d\n", atoi(ack + 1)); start += atoi(ack + 1);
data/asterisk-16.15.0~dfsg/res/res_adsi.c:355:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/res/res_adsi.c:356:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ack[2];
data/asterisk-16.15.0~dfsg/res/res_adsi.c:377:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/asterisk-16.15.0~dfsg/res/res_adsi.c:390:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char *msgs[5] = { NULL, NULL, NULL, NULL, NULL };
data/asterisk-16.15.0~dfsg/res/res_adsi.c:651:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256] = "";
data/asterisk-16.15.0~dfsg/res/res_adsi.c:682:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256] = "";
data/asterisk-16.15.0~dfsg/res/res_adsi.c:703:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		*width = atoi((char *) buf);
data/asterisk-16.15.0~dfsg/res/res_adsi.c:718:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			*height = atoi((char *) buf);
data/asterisk-16.15.0~dfsg/res/res_adsi.c:734:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			*buttons = atoi((char *) buf);
data/asterisk-16.15.0~dfsg/res/res_adsi.c:973:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char dsp[256] = "", keyd[6] = "";
data/asterisk-16.15.0~dfsg/res/res_adsi.c:995:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[4096];
data/asterisk-16.15.0~dfsg/res/res_adsi.c:1015:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char dsp[256] = "";
data/asterisk-16.15.0~dfsg/res/res_adsi.c:1017:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char resp[2];
data/asterisk-16.15.0~dfsg/res/res_adsi.c:1054:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char dsp[256] = "";
data/asterisk-16.15.0~dfsg/res/res_adsi.c:1124:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (atoi(v->value) > 0) {
data/asterisk-16.15.0~dfsg/res/res_adsi.c:1125:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				maxretries = atoi(v->value);
data/asterisk-16.15.0~dfsg/res/res_adsi.c:1135:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[3 * SPEEDDIAL_MAX_LEN];
data/asterisk-16.15.0~dfsg/res/res_agi.c:1715:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/res/res_agi.c:1814:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char agi_buffer[AGI_BUF_SIZE + 1];
data/asterisk-16.15.0~dfsg/res/res_agi.c:1815:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ami_buffer[AMI_BUF_SIZE];
data/asterisk-16.15.0~dfsg/res/res_agi.c:2152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char service[256];
data/asterisk-16.15.0~dfsg/res/res_agi.c:2153:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char resolved_uri[1024];
data/asterisk-16.15.0~dfsg/res/res_agi.c:2202:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/res/res_agi.c:2421:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	res = ast_recvchar(chan,atoi(argv[2]));
data/asterisk-16.15.0~dfsg/res/res_agi.c:2441:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	buf = ast_recvtext(chan, atoi(argv[2]));
data/asterisk-16.15.0~dfsg/res/res_agi.c:2499:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stopkeybuf[2];
data/asterisk-16.15.0~dfsg/res/res_agi.c:2501:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char offsetbuf[20];
data/asterisk-16.15.0~dfsg/res/res_agi.c:2631:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		timeout = atoi(argv[4]);
data/asterisk-16.15.0~dfsg/res/res_agi.c:2837:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[1024];
data/asterisk-16.15.0~dfsg/res/res_agi.c:2842:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		timeout = atoi(argv[3]);
data/asterisk-16.15.0~dfsg/res/res_agi.c:2846:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		max = atoi(argv[4]);
data/asterisk-16.15.0~dfsg/res/res_agi.c:2936:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					silence = atoi(silencestr);
data/asterisk-16.15.0~dfsg/res/res_agi.c:3160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256]="";
data/asterisk-16.15.0~dfsg/res/res_agi.c:3219:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tempstr[1024] = "";
data/asterisk-16.15.0~dfsg/res/res_agi.c:3578:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	timeout = atoi(argv[3]);
data/asterisk-16.15.0~dfsg/res/res_agi.c:3582:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		offset = atoi(argv[4]);
data/asterisk-16.15.0~dfsg/res/res_agi.c:3759:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullcmd[MAX_CMD_LEN], matchstr[MAX_CMD_LEN];
data/asterisk-16.15.0~dfsg/res/res_agi.c:3785:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullcmd[MAX_CMD_LEN];
data/asterisk-16.15.0~dfsg/res/res_agi.c:3831:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullcmd[MAX_CMD_LEN];
data/asterisk-16.15.0~dfsg/res/res_agi.c:4023:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *argv[MAX_ARGS] = {0};
data/asterisk-16.15.0~dfsg/res/res_agi.c:4120:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[AGI_BUF_LEN];
data/asterisk-16.15.0~dfsg/res/res_agi.c:4287:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullcmd[MAX_CMD_LEN];
data/asterisk-16.15.0~dfsg/res/res_agi.c:4307:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char info[30 + MAX_CMD_LEN];					/* '-= Info about...' */
data/asterisk-16.15.0~dfsg/res/res_agi.c:4308:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char infotitle[30 + MAX_CMD_LEN + AST_TERM_MAX_ESCAPE_CHARS];	/* '-= Info about...' with colors */
data/asterisk-16.15.0~dfsg/res/res_agi.c:4309:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char syntitle[11 + AST_TERM_MAX_ESCAPE_CHARS];			/* [Syntax]\n with colors */
data/asterisk-16.15.0~dfsg/res/res_agi.c:4310:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char desctitle[15 + AST_TERM_MAX_ESCAPE_CHARS];			/* [Description]\n with colors */
data/asterisk-16.15.0~dfsg/res/res_agi.c:4311:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char deadtitle[13 + AST_TERM_MAX_ESCAPE_CHARS];			/* [Runs Dead]\n with colors */
data/asterisk-16.15.0~dfsg/res/res_agi.c:4312:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char deadcontent[3 + AST_TERM_MAX_ESCAPE_CHARS];		/* 'Yes' or 'No' with colors */
data/asterisk-16.15.0~dfsg/res/res_agi.c:4313:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char seealsotitle[12 + AST_TERM_MAX_ESCAPE_CHARS];		/* [See Also]\n with colors */
data/asterisk-16.15.0~dfsg/res/res_agi.c:4314:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char stxtitle[10 + AST_TERM_MAX_ESCAPE_CHARS];			/* [Syntax]\n with colors */
data/asterisk-16.15.0~dfsg/res/res_agi.c:4421:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullcmd[MAX_CMD_LEN];
data/asterisk-16.15.0~dfsg/res/res_agi.c:4424:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(htmlfile = fopen(filename, "wt")))
data/asterisk-16.15.0~dfsg/res/res_ari.c:193:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new_handler, root_handler, old_size);
data/asterisk-16.15.0~dfsg/res/res_ari.c:221:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new_handler, root_handler, sizeof(*new_handler));
data/asterisk-16.15.0~dfsg/res/res_ari_applications.c:221:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char *vals[MAX_VALS];
data/asterisk-16.15.0~dfsg/res/res_ari_applications.c:371:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char *vals[MAX_VALS];
data/asterisk-16.15.0~dfsg/res/res_ari_asterisk.c:317:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char *vals[MAX_VALS];
data/asterisk-16.15.0~dfsg/res/res_ari_bridges.c:468:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char *vals[MAX_VALS];
data/asterisk-16.15.0~dfsg/res/res_ari_bridges.c:628:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char *vals[MAX_VALS];
data/asterisk-16.15.0~dfsg/res/res_ari_bridges.c:1057:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char *vals[MAX_VALS];
data/asterisk-16.15.0~dfsg/res/res_ari_bridges.c:1102:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.offsetms = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_bridges.c:1105:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.skipms = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_bridges.c:1230:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char *vals[MAX_VALS];
data/asterisk-16.15.0~dfsg/res/res_ari_bridges.c:1275:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.offsetms = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_bridges.c:1278:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.skipms = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_bridges.c:1395:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.max_duration_seconds = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_bridges.c:1398:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.max_silence_seconds = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:198:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.priority = atol(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:213:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.timeout = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:523:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.priority = atol(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:538:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.timeout = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:726:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.priority = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:1185:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.before = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:1188:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.between = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:1191:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.duration = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:1194:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.after = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:1869:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char *vals[MAX_VALS];
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:1914:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.offsetms = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:1917:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.skipms = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:2043:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char *vals[MAX_VALS];
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:2088:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.offsetms = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:2091:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.skipms = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:2209:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.max_duration_seconds = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:2212:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.max_silence_seconds = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:2701:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.timeout = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_events.c:72:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char *vals[MAX_VALS];
data/asterisk-16.15.0~dfsg/res/res_ari_events.c:175:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char *vals[MAX_VALS];
data/asterisk-16.15.0~dfsg/res/res_ari_events.c:308:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char *vals[MAX_VALS];
data/asterisk-16.15.0~dfsg/res/res_ari_mailboxes.c:200:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.old_messages = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_ari_mailboxes.c:203:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			args.new_messages = atoi(i->value);
data/asterisk-16.15.0~dfsg/res/res_calendar.c:445:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			cal->autoreminder = atoi(v->value);
data/asterisk-16.15.0~dfsg/res/res_calendar.c:453:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			int i = atoi(v->value);
data/asterisk-16.15.0~dfsg/res/res_calendar.c:462:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			cal->refresh = atoi(v->value);
data/asterisk-16.15.0~dfsg/res/res_calendar.c:466:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			cal->timeframe = atoi(v->value);
data/asterisk-16.15.0~dfsg/res/res_calendar.c:751:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[33];
data/asterisk-16.15.0~dfsg/res/res_calendar.c:1251:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		start = atoi(args.start);
data/asterisk-16.15.0~dfsg/res/res_calendar.c:1255:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		end = atoi(args.end);
data/asterisk-16.15.0~dfsg/res/res_calendar.c:1361:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		row = atoi(args.row);
data/asterisk-16.15.0~dfsg/res/res_calendar.c:1477:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			event->priority = atoi(values.value[j]);
data/asterisk-16.15.0~dfsg/res/res_calendar.c:1481:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			event->start = atoi(values.value[j]);
data/asterisk-16.15.0~dfsg/res/res_calendar.c:1483:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			event->end = atoi(values.value[j]);
data/asterisk-16.15.0~dfsg/res/res_calendar.c:1485:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			event->busy_state = atoi(values.value[j]);
data/asterisk-16.15.0~dfsg/res/res_calendar.c:1667:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[100];
data/asterisk-16.15.0~dfsg/res/res_calendar_caldav.c:106:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp, block, len);
data/asterisk-16.15.0~dfsg/res/res_calendar_caldav.c:143:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1000];
data/asterisk-16.15.0~dfsg/res/res_calendar_caldav.c:407:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char tmp[100];
data/asterisk-16.15.0~dfsg/res/res_calendar_ews.c:330:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[len + 1];
data/asterisk-16.15.0~dfsg/res/res_calendar_ews.c:566:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char start[21], end[21];
data/asterisk-16.15.0~dfsg/res/res_calendar_ews.c:652:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char start[21], end[21];
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:75:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tag[80];
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:186:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(str, value, len);
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:212:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		event->alarm = event->start - atoi(str);
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:246:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:268:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[7];
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:273:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(buf, "&quot;");
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:277:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(buf, "&apos;");
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:281:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(buf, "&amp;");
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:285:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(buf, "&lt;");
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:289:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(buf, "&gt;");
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:293:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(buf, "%c", *tmp);
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:306:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[30];
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:349:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp, block, len);
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:377:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1000];
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:535:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char start[80], end[80];
data/asterisk-16.15.0~dfsg/res/res_calendar_icalendar.c:105:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp, block, len);
data/asterisk-16.15.0~dfsg/res/res_calendar_icalendar.c:248:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char tmp[100];
data/asterisk-16.15.0~dfsg/res/res_config_curl.c:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[256], buf2[256];
data/asterisk-16.15.0~dfsg/res/res_config_curl.c:135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[256], buf2[256];
data/asterisk-16.15.0~dfsg/res/res_config_curl.c:235:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[256], buf2[256];
data/asterisk-16.15.0~dfsg/res/res_config_curl.c:284:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[200], buf2[200];
data/asterisk-16.15.0~dfsg/res/res_config_curl.c:357:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[256], buf2[256];
data/asterisk-16.15.0~dfsg/res/res_config_curl.c:418:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[200], buf2[200];
data/asterisk-16.15.0~dfsg/res/res_config_curl.c:467:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *elm, field[256];
data/asterisk-16.15.0~dfsg/res/res_config_curl.c:512:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	return atoi(ast_str_buffer(buffer));
data/asterisk-16.15.0~dfsg/res/res_config_curl.c:518:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[200];
data/asterisk-16.15.0~dfsg/res/res_config_curl.c:568:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				cat_metric = pair ? atoi(pair) : 0;
data/asterisk-16.15.0~dfsg/res/res_config_curl.c:625:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char name[256];
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:74:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char url[512];
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:75:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char user[512];
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:76:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pass[512];
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:77:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char base_distinguished_name[512];
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:723:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(p, by, by_len);
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:726:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(p, by, by_len);
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:1186:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			categories[vars_count].metric = atoi(cat_metric->value);
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:1189:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			categories[vars_count].var_metric = atoi(var_metric->value);
data/asterisk-16.15.0~dfsg/res/res_config_odbc.c:106:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char encodebuf[1024];
data/asterisk-16.15.0~dfsg/res/res_config_odbc.c:174:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char coltitle[256];
data/asterisk-16.15.0~dfsg/res/res_config_odbc.c:346:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char coltitle[256];
data/asterisk-16.15.0~dfsg/res/res_config_odbc.c:882:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char category[128];
data/asterisk-16.15.0~dfsg/res/res_config_odbc.c:883:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char var_name[128];
data/asterisk-16.15.0~dfsg/res/res_config_odbc.c:951:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char last[128] = "";
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:77:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dbhost[MAX_DB_OPTION_SIZE] = "";
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:78:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dbuser[MAX_DB_OPTION_SIZE] = "";
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:79:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dbpass[MAX_DB_OPTION_SIZE] = "";
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:80:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dbname[MAX_DB_OPTION_SIZE] = "";
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:81:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dbappname[MAX_DB_OPTION_SIZE] = "";
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:82:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dbsock[MAX_DB_OPTION_SIZE] = "";
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:828:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	numrows = atoi(PQcmdTuples(result));
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:953:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	numrows = atoi(PQcmdTuples(result));
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1036:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	numrows = atoi(PQcmdTuples(result));
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1116:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	numrows = atoi(PQcmdTuples(result));
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1143:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char last[80];
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1191:59:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (strcmp(last, field_category) || last_cat_metric != atoi(field_cat_metric)) {
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1197:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				last_cat_metric = atoi(field_cat_metric);
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1245:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					int typesize = atoi(column->type + 3);
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1292:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char fieldtype[10];
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1466:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(dbuser, "asterisk");
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1474:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(dbpass, "asterisk");
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1490:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(dbname, "asterisk");
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1500:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dbport = atoi(s);
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1514:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(dbsock, "/tmp");
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1559:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char my_database[50];
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1673:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char connection_info[256];
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1674:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char credentials[100] = "";
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1675:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[376]; /* 256+100+"Connected to "+" for "+NULL */
data/asterisk-16.15.0~dfsg/res/res_config_sqlite3.c:204:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(tmp - 1, "\" =");
data/asterisk-16.15.0~dfsg/res/res_corosync.c:308:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid[18];
data/asterisk-16.15.0~dfsg/res/res_corosync.c:424:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char eid[18];
data/asterisk-16.15.0~dfsg/res/res_corosync.c:451:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char eid[18];
data/asterisk-16.15.0~dfsg/res/res_corosync.c:528:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(event, msg, msg_len);
data/asterisk-16.15.0~dfsg/res/res_corosync.c:532:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[128] = "";
data/asterisk-16.15.0~dfsg/res/res_corosync.c:590:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[128] = "";
data/asterisk-16.15.0~dfsg/res/res_corosync.c:746:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/asterisk-16.15.0~dfsg/res/res_corosync.c:1034:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buf[128];
data/asterisk-16.15.0~dfsg/res/res_crypto.c:76:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];
data/asterisk-16.15.0~dfsg/res/res_crypto.c:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/res/res_crypto.c:90:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char digest[16];
data/asterisk-16.15.0~dfsg/res/res_crypto.c:107:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prompt[256];
data/asterisk-16.15.0~dfsg/res/res_crypto.c:171:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char digest[16];
data/asterisk-16.15.0~dfsg/res/res_crypto.c:190:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f = fopen(ffname, "r"))) {
data/asterisk-16.15.0~dfsg/res/res_crypto.c:198:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[256] = "";
data/asterisk-16.15.0~dfsg/res/res_crypto.c:247:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(key->digest, digest, 16);
data/asterisk-16.15.0~dfsg/res/res_crypto.c:306:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char digest[20];
data/asterisk-16.15.0~dfsg/res/res_crypto.c:401:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char dsig[128];
data/asterisk-16.15.0~dfsg/res/res_crypto.c:418:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char digest[20];
data/asterisk-16.15.0~dfsg/res/res_crypto.c:447:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char dsig[128];
data/asterisk-16.15.0~dfsg/res/res_crypto.c:540:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sum += sprintf(sum, "%02hhx", *(md5++));
data/asterisk-16.15.0~dfsg/res/res_crypto.c:556:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sum[16 * 2 + 1];
data/asterisk-16.15.0~dfsg/res/res_crypto.c:601:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *kn, tmp[256] = "";
data/asterisk-16.15.0~dfsg/res/res_fax.c:814:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *m[5], *tok, *v = (char *) value, *rest;
data/asterisk-16.15.0~dfsg/res/res_fax.c:910:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(tbuf, "V17");
data/asterisk-16.15.0~dfsg/res/res_fax.c:917:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(tbuf, "V27");
data/asterisk-16.15.0~dfsg/res/res_fax.c:924:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(tbuf, "V29");
data/asterisk-16.15.0~dfsg/res/res_fax.c:931:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(tbuf, "V34");
data/asterisk-16.15.0~dfsg/res/res_fax.c:1177:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char caps[128] = "";
data/asterisk-16.15.0~dfsg/res/res_fax.c:1301:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char caps[128] = "";
data/asterisk-16.15.0~dfsg/res/res_fax.c:1449:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[10];
data/asterisk-16.15.0~dfsg/res/res_fax.c:2084:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *parse, modems[128] = "";
data/asterisk-16.15.0~dfsg/res/res_fax.c:2592:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *parse, *filenames, *c, modems[128] = "";
data/asterisk-16.15.0~dfsg/res/res_fax.c:3950:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tbuf[5];
data/asterisk-16.15.0~dfsg/res/res_fax.c:4071:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char modems[128] = "";
data/asterisk-16.15.0~dfsg/res/res_fax.c:4147:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id_text[256] = "";
data/asterisk-16.15.0~dfsg/res/res_fax.c:4217:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id_text[256] = "";
data/asterisk-16.15.0~dfsg/res/res_fax.c:4352:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id_text[256];
data/asterisk-16.15.0~dfsg/res/res_fax.c:4427:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char modems[128] = "";
data/asterisk-16.15.0~dfsg/res/res_fax_spandsp.c:382:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char headerinfo[T30_MAX_PAGE_HEADER_INFO + 1];
data/asterisk-16.15.0~dfsg/res/res_format_attr_h264.c:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char SPS[H264_MAX_SPS_PPS_SIZE];
data/asterisk-16.15.0~dfsg/res/res_format_attr_h264.c:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char PPS[H264_MAX_SPS_PPS_SIZE];
data/asterisk-16.15.0~dfsg/res/res_hep.c:217:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[4];
data/asterisk-16.15.0~dfsg/res/res_hep.c:442:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(info->payload, payload, len);
data/asterisk-16.15.0~dfsg/res/res_hep.c:477:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hg_pkt.header.id, "\x48\x45\x50\x33", 4);
data/asterisk-16.15.0~dfsg/res/res_hep.c:529:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sock_buffer, &hg_pkt, sizeof(hg_pkt));
data/asterisk-16.15.0~dfsg/res/res_hep.c:534:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sock_buffer + sock_buffer_len, &ipv4_src, sizeof(ipv4_src));
data/asterisk-16.15.0~dfsg/res/res_hep.c:536:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sock_buffer + sock_buffer_len, &ipv4_dst, sizeof(ipv4_dst));
data/asterisk-16.15.0~dfsg/res/res_hep.c:539:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sock_buffer + sock_buffer_len, &ipv6_src, sizeof(ipv6_src));
data/asterisk-16.15.0~dfsg/res/res_hep.c:541:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sock_buffer + sock_buffer_len, &ipv6_dst, sizeof(ipv6_dst));
data/asterisk-16.15.0~dfsg/res/res_hep.c:547:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sock_buffer + sock_buffer_len, &auth_key, sizeof(auth_key));
data/asterisk-16.15.0~dfsg/res/res_hep.c:549:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sock_buffer + sock_buffer_len, config->general->capture_password, strlen(config->general->capture_password));
data/asterisk-16.15.0~dfsg/res/res_hep.c:554:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sock_buffer + sock_buffer_len, &uuid, sizeof(uuid));
data/asterisk-16.15.0~dfsg/res/res_hep.c:556:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sock_buffer + sock_buffer_len, capture_info->uuid, strlen(capture_info->uuid));
data/asterisk-16.15.0~dfsg/res/res_hep.c:560:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sock_buffer + sock_buffer_len, &payload, sizeof(payload));
data/asterisk-16.15.0~dfsg/res/res_hep.c:562:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sock_buffer + sock_buffer_len, capture_info->payload, capture_info->len);
data/asterisk-16.15.0~dfsg/res/res_hep_pjsip.c:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char local_buf[256];
data/asterisk-16.15.0~dfsg/res/res_hep_pjsip.c:86:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remote_buf[256];
data/asterisk-16.15.0~dfsg/res/res_hep_pjsip.c:158:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char local_buf[256];
data/asterisk-16.15.0~dfsg/res/res_hep_pjsip.c:159:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remote_buf[256];
data/asterisk-16.15.0~dfsg/res/res_hep_rtcp.c:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[128];
data/asterisk-16.15.0~dfsg/res/res_http_media_cache.c:75:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(header, buffer, realsize);
data/asterisk-16.15.0~dfsg/res/res_http_media_cache.c:119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char time_buf[32];
data/asterisk-16.15.0~dfsg/res/res_http_media_cache.c:229:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char curl_errbuf[CURL_ERROR_SIZE + 1];
data/asterisk-16.15.0~dfsg/res/res_http_media_cache.c:258:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	cb_data.out_file = fopen(bucket_file->path, "wb");
data/asterisk-16.15.0~dfsg/res/res_http_media_cache.c:299:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char etag_buf[256];
data/asterisk-16.15.0~dfsg/res/res_http_post.c:69:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char prefix[MAX_PREFIX];
data/asterisk-16.15.0~dfsg/res/res_http_post.c:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/res/res_http_post.c:82:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC, 0666)) == -1) {
data/asterisk-16.15.0~dfsg/res/res_http_post.c:228:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/asterisk-16.15.0~dfsg/res/res_http_post.c:356:12:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	if (!(f = tmpfile())) {
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char session_id[AST_UUID_STR_LEN];  /*!< The identifier for the websocket session */
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:103:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[MAXIMUM_FRAME_SIZE];	    /*!< Fixed buffer for reading data into */
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:313:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char frame[8] = { 0, };
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:416:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&frame[header_size], payload, payload_size);
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:710:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((session->payload + session->payload_len), (*payload), (*payload_len));
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:874:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char base64[64];
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:1172:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char key[CLIENT_KEY_SIZE + sizeof(long) - 1];
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:1183:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(key + i, &num, sizeof(long));
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:1304:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:1305:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char base64[64];
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:1370:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char protocols[100] = "";
data/asterisk-16.15.0~dfsg/res/res_limit.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char limit[3];
data/asterisk-16.15.0~dfsg/res/res_limit.c:45:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char desc[40];
data/asterisk-16.15.0~dfsg/res/res_limit.c:46:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char clicmd[15];
data/asterisk-16.15.0~dfsg/res/res_limit.c:155:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char arg2[15];
data/asterisk-16.15.0~dfsg/res/res_limit.c:156:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char * const newargv[2] = { "ulimit", arg2 };
data/asterisk-16.15.0~dfsg/res/res_limit.c:187:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char printlimit[32];
data/asterisk-16.15.0~dfsg/res/res_monitor.c:603:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmpstring[sizeof(ast_channel_monitor(chan)->filename_base)] = "";
data/asterisk-16.15.0~dfsg/res/res_monitor.c:629:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fd[0] = open(tmpstring, O_CREAT | O_WRONLY, 0644)) < 0 ||
data/asterisk-16.15.0~dfsg/res/res_monitor.c:630:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			(fd[1] = open(ast_channel_monitor(chan)->filename_base, O_CREAT | O_EXCL | O_WRONLY, 0644)) < 0) {
data/asterisk-16.15.0~dfsg/res/res_monitor.c:699:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/res/res_monitor.c:705:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opts[OPT_ARG_ARRAY_SIZE] = { NULL, };
data/asterisk-16.15.0~dfsg/res/res_monitor.c:706:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char beep_id[64] = "";
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char save_pos_filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:168:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[MAX_MUSICCLASS];
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:169:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dir[256];
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char args[256];
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char announcement[256];
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:172:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mode[80];
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:588:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fns[MAX_MP3S][80];
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:589:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *argv[MAX_MP3S + 50];
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:590:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char xargs[256];
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:1280:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dir_path[PATH_MAX - sizeof(class->dir)];
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:1704:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(mohclass->dir, "nodir");
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:1914:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buff[8192];
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:2029:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(class->dir, "nodir");
data/asterisk-16.15.0~dfsg/res/res_mutestream.c:176:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id_text[256];
data/asterisk-16.15.0~dfsg/res/res_mwi_external_ami.c:149:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id_text[256];
data/asterisk-16.15.0~dfsg/res/res_odbc.c:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];
data/asterisk-16.15.0~dfsg/res/res_odbc.c:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dsn[80];
data/asterisk-16.15.0~dfsg/res/res_odbc.c:129:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];                   /*!< Name of this transaction ID */
data/asterisk-16.15.0~dfsg/res/res_odbc.c:245:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char columnname[80];
data/asterisk-16.15.0~dfsg/res/res_odbc.c:530:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char state[10];
data/asterisk-16.15.0~dfsg/res/res_odbc.c:531:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char diagnostic[256];
data/asterisk-16.15.0~dfsg/res/res_odbc.c:758:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char timestr[80];
data/asterisk-16.15.0~dfsg/res/res_odbc.c:1000:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char msg[200], state[10];
data/asterisk-16.15.0~dfsg/res/res_odbc.c:1027:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char msg[200], state[10];
data/asterisk-16.15.0~dfsg/res/res_odbc_transaction.c:106:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];                   /*!< Name of this transaction ID */
data/asterisk-16.15.0~dfsg/res/res_parking.c:816:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char space[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/res/res_parking.c:846:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char hint_device[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/res/res_phoneprov.c:362:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(address, &__ourip, sizeof(__ourip));
data/asterisk-16.15.0~dfsg/res/res_phoneprov.c:366:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(address, &sin->sin_addr, sizeof(*address));
data/asterisk-16.15.0~dfsg/res/res_phoneprov.c:404:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f = fopen(filename, "r"))) {
data/asterisk-16.15.0~dfsg/res/res_phoneprov.c:443:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[21];
data/asterisk-16.15.0~dfsg/res/res_phoneprov.c:610:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char value_copy[strlen(v->value) + 1];
data/asterisk-16.15.0~dfsg/res/res_phoneprov.c:633:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char value_copy[strlen(v->value) + 1];
data/asterisk-16.15.0~dfsg/res/res_phoneprov.c:873:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/asterisk-16.15.0~dfsg/res/res_phoneprov.c:893:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(path, O_RDONLY);
data/asterisk-16.15.0~dfsg/res/res_phoneprov.c:1065:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/asterisk-16.15.0~dfsg/res/res_pjproject.c:374:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char check[1 / (6 == MAX_PJ_LOG_MAX_LEVEL)];
data/asterisk-16.15.0~dfsg/res/res_pjproject.c:534:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(w, &r, len > sizeof(r) ? sizeof(r) : len);
data/asterisk-16.15.0~dfsg/res/res_pjproject.c:566:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[512];
data/asterisk-16.15.0~dfsg/res/res_pjproject.c:622:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[512];
data/asterisk-16.15.0~dfsg/res/res_pjsip.c:2877:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char host_ip_ipv4_string[PJ_INET6_ADDRSTRLEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip.c:2883:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char host_ip_ipv6_string[PJ_INET6_ADDRSTRLEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip.c:3395:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char default_user[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip.c:3521:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char transport_name[128];
data/asterisk-16.15.0~dfsg/res/res_pjsip.c:3567:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char enclosed_uri[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip.c:3748:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char err[PJ_ERR_MSG_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip.c:4341:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char errmsg[PJ_ERR_MSG_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip.c:4765:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dest, pj_strbuf(src), chars_to_copy);
data/asterisk-16.15.0~dfsg/res/res_pjsip.c:5110:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sanitized[8];
data/asterisk-16.15.0~dfsg/res/res_pjsip.c:5135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sanitized[8];
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_auth.c:312:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char title[32];
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_global.c:66:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_useragent[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_global.c:184:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char max_forwards[10];
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_transport.c:407:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&transport->external_address, &transport->state->external_signaling_address, sizeof(transport->external_signaling_address));
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_transport.c:664:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char msg[PJ_ERR_MSG_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_transport.c:1028:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			cipher = atoi(name);
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_transport.c:1178:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[MAX_OBJECT_FIELD];
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_transport.c:1321:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hoststr[PJ_INET6_ADDRSTRLEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:87:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[prefix_len + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:224:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[prefix_len + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:361:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[MAX_OBJECT_FIELD * 2 + 3];
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:362:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash[33];
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:604:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char hash[33];
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:605:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char contact_id[strlen(aor_id) + sizeof(hash) + 2];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_cli.c:118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char formatter_type[64];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_configuration.c:162:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dtmf_str[20];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_configuration.c:595:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[80] = { '\0' };
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_configuration.c:596:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[80] = { '\0' };
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_configuration.c:1231:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rtt[32];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_configuration.c:1340:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device[MAX_OBJECT_FIELD];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:220:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char buf[sizeof(pjsip_dialog *)];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:616:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char default_realm[MAX_REALM_LENGTH + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:662:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char from_buf[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:663:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callid_buf[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:664:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char method_buf[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:665:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char src_addr_buf[AST_SOCKADDR_BUFLEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:763:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char name[AST_UUID_STR_LEN] = "";
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:830:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:1167:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char default_realm[MAX_REALM_LENGTH + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:1245:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tps_name[AST_TASKPROCESSOR_MAX_NAME + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_message_filter.c:168:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hdrbuf[512];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_message_filter.c:360:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hdrbuf[512];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_message_filter.c:364:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char header_name[32];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_message_filter.c:369:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(header_name, "Request"); /* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_message_filter.c:373:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(header_name, "From"); /* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_message_filter.c:378:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(header_name, "To"); /* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_message_filter.c:383:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(header_name, "Contact"); /* Safe */
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:138:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:158:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:188:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:273:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:966:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tps_name[AST_TASKPROCESSOR_MAX_NAME + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:1286:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char prefix[prefix_len + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_resolver.c:196:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char addr[PJ_INET6_ADDRSTRLEN + 10];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_resolver.c:474:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[NI_MAXHOST];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_resolver.c:553:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char srv[NI_MAXHOST];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_scheduler.c:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_scheduler.c:243:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(queued, &schtd->when_queued, sizeof(struct timeval));
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_scheduler.c:246:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(last_start, &schtd->last_start, sizeof(struct timeval));
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_scheduler.c:249:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(last_end, &schtd->last_end, sizeof(struct timeval));
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_scheduler.c:283:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(next_start, &next, sizeof(struct timeval));
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_scheduler.c:445:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(schtd->name, "task_%08x", task_id);
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_scheduler.c:496:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char times_run[16];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_scheduler.c:497:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char queued[32];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_scheduler.c:498:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char last_start[32];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_scheduler.c:499:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char next_start[32];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_scheduler.c:525:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char err[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_scheduler.c:587:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(times_run, "%d", schtd->run_count);
data/asterisk-16.15.0~dfsg/res/res_pjsip/security_events.c:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[NI_MAXHOST];
data/asterisk-16.15.0~dfsg/res/res_pjsip/security_events.c:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip/security_events.c:105:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip/security_events.c:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip/security_events.c:135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nonce[64] = "", response[256] = "";
data/asterisk-16.15.0~dfsg/res/res_pjsip/security_events.c:172:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip/security_events.c:201:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nonce[64] = "", call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip/security_events.c:234:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip/security_events.c:262:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_acl.c:143:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip_authenticator_digest.c:36:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_realm[MAX_REALM_LENGTH + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_authenticator_digest.c:209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash[33];
data/asterisk-16.15.0~dfsg/res/res_pjsip_authenticator_digest.c:270:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char nonce[64];
data/asterisk-16.15.0~dfsg/res/res_pjsip_authenticator_digest.c:366:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char time_buf[32];
data/asterisk-16.15.0~dfsg/res/res_pjsip_authenticator_digest.c:451:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(auths_shallow[idx], auths[idx], sizeof(**auths_shallow));
data/asterisk-16.15.0~dfsg/res/res_pjsip_caller_id.c:45:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_name[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/res/res_pjsip_caller_id.c:46:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cid_num[AST_CHANNEL_NAME];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:539:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char new_id[strlen(id) + MAX_ID_SUFFIX];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:540:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[strlen(direction) + strlen("_auth/") + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:672:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char new_id[strlen(id) + MAX_ID_SUFFIX];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:737:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char new_id[strlen(id) + MAX_ID_SUFFIX];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:768:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char host[strlen(rhost) + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:801:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char new_id[strlen(id) + MAX_ID_SUFFIX];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:865:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char new_id[strlen(id) + MAX_ID_SUFFIX];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:1250:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char date[256]="";
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:1256:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		f = fopen(fn, "w");
data/asterisk-16.15.0~dfsg/res/res_pjsip_dialog_info_body_generator.c:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char version_str[32], sanitized[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_dtmf_info.c:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[body ? body->len + 1 : 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_endpoint_identifier_anonymous.c:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char domain_name[DOMAIN_NAME_LEN + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_endpoint_identifier_anonymous.c:76:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char id[sizeof("anonymous@") + DOMAIN_NAME_LEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip_endpoint_identifier_ip.c:199:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[PATH_MAX];
data/asterisk-16.15.0~dfsg/res/res_pjsip_endpoint_identifier_ip.c:358:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char service[NI_MAXHOST];
data/asterisk-16.15.0~dfsg/res/res_pjsip_endpoint_identifier_ip.c:579:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[MAX_OBJECT_FIELD];
data/asterisk-16.15.0~dfsg/res/res_pjsip_endpoint_identifier_user.c:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char id[DOMAIN_NAME_LEN + USERNAME_LEN + sizeof("@")];
data/asterisk-16.15.0~dfsg/res/res_pjsip_endpoint_identifier_user.c:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char username[USERNAME_LEN + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_endpoint_identifier_user.c:135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char domain[DOMAIN_NAME_LEN + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_endpoint_identifier_user.c:167:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char username[USERNAME_LEN + 1], realm[DOMAIN_NAME_LEN + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_exten_state.c:77:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/res/res_pjsip_exten_state.c:79:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/res/res_pjsip_exten_state.c:110:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/res/res_pjsip_exten_state.c:828:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[len];
data/asterisk-16.15.0~dfsg/res/res_pjsip_history.c:419:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[pj_strlen(op_left) + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_history.c:659:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char addr[64];
data/asterisk-16.15.0~dfsg/res/res_pjsip_history.c:668:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char uri[128];
data/asterisk-16.15.0~dfsg/res/res_pjsip_history.c:716:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char line[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip_history.c:759:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char line[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip_history.c:1152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char addr[64];
data/asterisk-16.15.0~dfsg/res/res_pjsip_history.c:1196:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char line[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip_logger.c:107:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pcap_filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/res/res_pjsip_logger.c:222:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&pcap_ipv4_header.ip_src, pj_sockaddr_get_addr(source), pj_sockaddr_get_addr_len(source));
data/asterisk-16.15.0~dfsg/res/res_pjsip_logger.c:225:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&pcap_ipv4_header.ip_dst, pj_sockaddr_get_addr(destination), pj_sockaddr_get_addr_len(destination));
data/asterisk-16.15.0~dfsg/res/res_pjsip_logger.c:234:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&pcap_ipv6_header.ip6_src, pj_sockaddr_get_addr(source), pj_sockaddr_get_addr_len(source));
data/asterisk-16.15.0~dfsg/res/res_pjsip_logger.c:237:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&pcap_ipv6_header.ip6_dst, pj_sockaddr_get_addr(destination), pj_sockaddr_get_addr_len(destination));
data/asterisk-16.15.0~dfsg/res/res_pjsip_logger.c:270:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[AST_SOCKADDR_BUFLEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip_logger.c:298:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[AST_SOCKADDR_BUFLEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip_logger.c:454:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	default_logger->pcap_file = fopen(arg, "wb");
data/asterisk-16.15.0~dfsg/res/res_pjsip_messaging.c:369:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf((char *) value, "%d", max_forwards);
data/asterisk-16.15.0~dfsg/res/res_pjsip_messaging.c:390:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[MAX_HDR_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_messaging.c:391:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[MAX_HDR_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_messaging.c:475:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, scheme, count);
data/asterisk-16.15.0~dfsg/res/res_pjsip_messaging.c:501:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[MAX_BODY_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_messaging.c:504:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/res/res_pjsip_messaging.c:877:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(attrs[pos].value, "%.*s/%.*s",
data/asterisk-16.15.0~dfsg/res/res_pjsip_mwi.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mailbox[1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_mwi.c:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_nat.c:343:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char host_port[x_orig_host->value.slen + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_notify.c:127:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[0];
data/asterisk-16.15.0~dfsg/res/res_pjsip_notify.c:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/res/res_pjsip_one_touch_record_info.c:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char feature_code[AST_FEATURE_MAX_LEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:133:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char body_contents[0];
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:224:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char user[0];
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[0];
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:696:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uuid_buf[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:1035:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tps_name[AST_TASKPROCESSOR_MAX_NAME + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_registration.c:348:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[LINE_PARAMETER_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_registration.c:1187:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tps_name[AST_TASKPROCESSOR_MAX_NAME + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_registration.c:2045:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char next_start[32] = "";
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_registration.c:2046:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char last_start[32] = "";
data/asterisk-16.15.0~dfsg/res/res_pjsip_phoneprov_provider.c:293:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char port_string[6];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pidf_body_generator.c:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sanitized[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pidf_digium_body_supplement.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sanitized[1024];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pidf_eyebeam_body_supplement.c:63:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(act_str, "rpid:");
data/asterisk-16.15.0~dfsg/res/res_pjsip_publish_asterisk.c:178:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/res/res_pjsip_publish_asterisk.c:237:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/res/res_pjsip_publish_asterisk.c:313:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[len];
data/asterisk-16.15.0~dfsg/res/res_pjsip_publish_asterisk.c:769:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:328:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char event[32];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:363:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[0];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:376:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char packet[PJSIP_MAX_PKT_LEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:378:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char src_name[PJ_INET6_ADDRSTRLEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:382:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char transport_key[32];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:384:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char local_name[PJ_INET6_ADDRSTRLEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:394:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char contact_uri[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:503:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char resource[0];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:639:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tag[PJ_GUID_STRING_LENGTH + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:767:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static struct ast_sip_pubsub_body_generator *find_body_generator(char accept[AST_SIP_MAX_ACCEPT][64],
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:774:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char event[32];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:835:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char accept[AST_SIP_MAX_ACCEPT][64];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:891:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char resource[0];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:1426:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tps_name[AST_TASKPROCESSOR_MAX_NAME + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:1823:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:2037:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[6];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:2038:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:2112:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char id[6];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:2168:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char version_str[32];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:2169:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:2295:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char boundary[6];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:2862:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static struct ast_sip_pubsub_body_generator *find_body_generator(char accept[AST_SIP_MAX_ACCEPT][64],
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:2996:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char uri_str[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:3108:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char etag[pj_strlen(&etag_hdr->hvalue) + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:3190:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[30];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:3229:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char uri_str[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:3331:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char event[32];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:3582:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char message_account[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:3829:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char task_name[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:3925:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char task_name[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:4386:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char caller_id[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:4387:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callid[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:4526:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ep_cid_buf[50];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:4527:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char res_evt_buf[50];
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:4528:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callid[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip_refer.c:370:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tps_name[AST_TASKPROCESSOR_MAX_NAME + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_refer.c:713:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char replaces[512];
data/asterisk-16.15.0~dfsg/res/res_pjsip_refer.c:729:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char refer_to[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_refer.c:859:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:153:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char contact_uri[pjsip_max_url_size];
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:253:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:331:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char aor_name[0];
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:724:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char contact_uri[pjsip_max_url_size];
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:1283:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(time, "%ld", ast_tvnow().tv_sec);
data/asterisk-16.15.0~dfsg/res/res_pjsip_rfc3326.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[20];
data/asterisk-16.15.0~dfsg/res/res_pjsip_rfc3326.c:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[20];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:255:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char hoststr[PJ_INET6_ADDRSTRLEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:322:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:323:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char media[20];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:324:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt_param[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:555:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[64];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:713:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char attr_value[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:753:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char foundation[33], transport[32], address[PJ_INET6_ADDRSTRLEN + 1], cand_type[6], relay_address[PJ_INET6_ADDRSTRLEN + 1] = "";
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:977:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char hash_value[256], hash[32];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:978:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char fingerprint_text[value->slen + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:1100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[128];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:1123:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char attr_value[pj_strlen(&attr->value) + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:1172:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msid[(AST_UUID_STR_LEN * 2) + 2];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:1252:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char extmap_value[256];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:1311:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char attr_value[pj_strlen(&attr->value) + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:1314:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char direction_str[10] = "";
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:1360:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[NI_MAXHOST];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:1603:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[512];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:1955:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[NI_MAXHOST];
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:2110:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[NI_MAXHOST];
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stream_type[1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:615:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char value[pj_strlen(&attr->value) + 1], *mids = value, *attr_mid;
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:695:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char attr_value[pj_strlen(&attr->value) + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:783:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char media[20];
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:966:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char media[20];
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:1231:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uuid_buf[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:2596:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char media[20];
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:3077:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tps_name[AST_TASKPROCESSOR_MAX_NAME + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:3952:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[AST_SOCKADDR_BUFLEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:4966:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *mids[PJMEDIA_MAX_SDP_MEDIA];
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:5324:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char exten[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:5336:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char target_uri[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:5338:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char forward[8 + strlen(ast_sorcery_object_get_id(session->endpoint)) + PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:5378:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char host[NI_MAXHOST];
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:5398:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char media[20];
data/asterisk-16.15.0~dfsg/res/res_pjsip_t38.c:814:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[NI_MAXHOST];
data/asterisk-16.15.0~dfsg/res/res_pjsip_t38.c:871:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[512];
data/asterisk-16.15.0~dfsg/res/res_pjsip_t38.c:995:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[NI_MAXHOST];
data/asterisk-16.15.0~dfsg/res/res_pjsip_t38.c:1032:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[NI_MAXHOST];
data/asterisk-16.15.0~dfsg/res/res_pjsip_transport_websocket.c:351:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tps_name[AST_TASKPROCESSOR_MAX_NAME + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_transport_websocket.c:440:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char src_addr_buffer[AST_SOCKADDR_BUFLEN];
data/asterisk-16.15.0~dfsg/res/res_pjsip_xpidf_body_generator.c:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sanitized[PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[80];
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:136:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char port[80];
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:178:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&res, &n, 4);
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:326:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[COPS_HEADER_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:412:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf + COPS_HEADER_SIZE, sendmsg->msg, sendmsg->length - COPS_HEADER_SIZE);
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:431:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((buf + bufpos + 4), pobject->contents, pobject->length - 4);
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1045:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					t1 = atoi(v->value);
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1047:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					t7 = atoi(v->value);
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1049:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					t8 = atoi(v->value);
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1051:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					keepalive = atoi(v->value);
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1053:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					gateinfoperiod = atoi(v->value);
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1055:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					gatetimeout = atoi(v->value);
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1075:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					t1_temp = atoi(v->value);
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1077:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					t7_temp = atoi(v->value);
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1079:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					t8_temp = atoi(v->value);
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1081:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					keepalive_temp = atoi(v->value);
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1153:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char statedesc[16];
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1190:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char state_desc[16];
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1238:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char start[32];
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1239:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stop[32];
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1379:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cops_gate_cmd(GATE_SET, cmts, trid, mta, atoi(a->argv[4]), atof(a->argv[5]), atoi(a->argv[6]), ssip, atoi(a->argv[8]), NULL);
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1379:79:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cops_gate_cmd(GATE_SET, cmts, trid, mta, atoi(a->argv[4]), atof(a->argv[5]), atoi(a->argv[6]), ssip, atoi(a->argv[8]), NULL);
data/asterisk-16.15.0~dfsg/res/res_pktccops.c:1379:103:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cops_gate_cmd(GATE_SET, cmts, trid, mta, atoi(a->argv[4]), atof(a->argv[5]), atoi(a->argv[6]), ssip, atoi(a->argv[8]), NULL);
data/asterisk-16.15.0~dfsg/res/res_resolver_unbound.c:759:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char addr1_buf[V4_SIZE];
data/asterisk-16.15.0~dfsg/res/res_resolver_unbound.c:760:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char addr2_buf[V4_SIZE];
data/asterisk-16.15.0~dfsg/res/res_resolver_unbound.c:761:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char addr3_buf[V6_SIZE];
data/asterisk-16.15.0~dfsg/res/res_resolver_unbound.c:762:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char addr4_buf[V4_SIZE];
data/asterisk-16.15.0~dfsg/res/res_resolver_unbound.c:1028:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char addr1_buf[V4_SIZE];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:359:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char rawdata[8192 + AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:361:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cname[AST_UUID_STR_LEN]; /*!< Our local CNAME */
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:448:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remote_ufrag[256];  /*!< The remote ICE username */
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:449:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remote_passwd[256]; /*!< The remote ICE password */
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char local_ufrag[256];  /*!< The local ICE username */
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:452:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char local_passwd[256]; /*!< The local ICE password */
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:467:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char local_fingerprint[160]; /*!< Fingerprint of our certificate */
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:469:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char remote_fingerprint[EVP_MAX_MD_SIZE]; /*!< Fingerprint of the peer certificate */
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:550:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char frame_buf[512 + AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:556:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char pt[AST_RED_MAX_GENERATION];  /*!< Payload types for redundancy data */
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:557:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char ts[AST_RED_MAX_GENERATION]; /*!< Time stamps */
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:558:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char len[AST_RED_MAX_GENERATION]; /*!< length of each generation */
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:562:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char t140red_data[64000];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:563:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf_data[64000]; /*!< buffered primary data */
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:571:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[0];	/*!< The payload data */
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:736:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char address[PJ_INET6_ADDRSTRLEN];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:1105:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char reason[80];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:1218:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char address[PJ_INET6_ADDRSTRLEN];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:1309:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[100];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:1375:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[100];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:2035:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(private_key_file, "r");
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:2144:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char fingerprint[EVP_MAX_MD_SIZE];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:2177:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(local_fingerprint, "%02hhX:", fingerprint[i]);
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:2856:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char material[SRTP_MASTER_LEN * 2];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:2956:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			unsigned char fingerprint[EVP_MAX_MD_SIZE];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:3174:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char err_buf[100];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:4120:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[256];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:4195:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[256];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:4241:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[256];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:4658:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(rtcpheader + 10, rtp->cname, AST_UUID_STR_LEN);
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:4806:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char bdata[AST_UUID_STR_LEN + 128] = ""; /* More than enough */
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:5050:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(payload->buf, rtpheader, packet_len);
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:5128:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&data[len], red->t140.data.ptr, red->t140.datalen);
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:5145:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char bdata[1024];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:5208:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char bdata[1024];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:5728:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(rtp->f.data.ptr, data + 1, len - 1);
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:6428:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(transport_rtp->f.data.ptr, rtcp_report, sizeof(struct ast_rtp_rtcp_report));
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:6434:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(report_block, rtcp_report->report_block[0], sizeof(struct ast_rtp_rtcp_report_block));
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:6555:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char rtcpdata[8192 + AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:6865:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bdata[1024];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:8012:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(payload->buf, rtpheader, res);
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:8471:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&red->buf_data[red->t140.datalen], frame->data.ptr, frame->datalen);
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:8646:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[256];
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:9087:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		rtpstart = atoi(s);
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:9094:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		rtpend = atoi(s);
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:9101:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		rtcpinterval = atoi(s);
data/asterisk-16.15.0~dfsg/res/res_rtp_asterisk.c:9118:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dtmftimeout = atoi(s);
data/asterisk-16.15.0~dfsg/res/res_rtp_multicast.c:135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opt_args[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/res/res_rtp_multicast.c:137:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[0];
data/asterisk-16.15.0~dfsg/res/res_smdi.c:168:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[SMDI_MAX_FILENAME_LEN];
data/asterisk-16.15.0~dfsg/res/res_smdi.c:287:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(file = fopen(iface->name, "w"))) {
data/asterisk-16.15.0~dfsg/res/res_smdi.c:835:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/res/res_smdi.c:1063:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			if (!(iface->file = fopen(iface->name, "r"))) {
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:71:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char family[strlen(prefix) + strlen(ast_sorcery_object_get_type(object)) + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:138:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char family[strlen(prefix) + strlen(type) + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:194:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char family[strlen(prefix) + strlen(type) + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:281:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char family[strlen(prefix) + strlen(type) + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:282:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tree[strlen(regex) + 1];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:336:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char family[family_len + 1];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:337:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tree[prefix_len + 1];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:371:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char family[strlen(prefix) + strlen(ast_sorcery_object_get_type(object)) + 2], value[2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:387:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char family[strlen(prefix) + strlen(ast_sorcery_object_get_type(object)) + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:388:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char value[2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_config.c:45:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uuid[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/res/res_sorcery_memory_cache.c:2764:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *in_cache[2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_memory_cache.c:2765:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *not_in_cache[2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_memory_cache.c:2921:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char uuid[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/res/res_sorcery_memory_cache.c:3059:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char uuid[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/res/res_sorcery_realtime.c:201:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char field[strlen(UUID_FIELD) + 6], value[2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_realtime.c:248:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char field[strlen(UUID_FIELD) + 6], value[strlen(regex) + 3];
data/asterisk-16.15.0~dfsg/res/res_sorcery_realtime.c:271:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char field[strlen(UUID_FIELD) + 6], value[prefix_len + 2];
data/asterisk-16.15.0~dfsg/res/res_srtp.c:72:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[8192 + AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/res/res_srtp.c:73:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char rtcpbuf[8192 + AST_FRIENDLY_OFFSET];
data/asterisk-16.15.0~dfsg/res/res_srtp.c:339:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(master_key, key, key_len);
data/asterisk-16.15.0~dfsg/res/res_srtp.c:340:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(master_key + key_len, salt, salt_len);
data/asterisk-16.15.0~dfsg/res/res_srtp.c:502:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(localbuf, *buf, *len);
data/asterisk-16.15.0~dfsg/res/res_srtp.c:633:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char local_key[SRTP_MAX_KEY_LEN];
data/asterisk-16.15.0~dfsg/res/res_srtp.c:635:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char local_key64[((SRTP_MAX_KEY_LEN) * 8 + 5) / 6 + 1];
data/asterisk-16.15.0~dfsg/res/res_srtp.c:636:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char remote_key[SRTP_MAX_KEY_LEN];
data/asterisk-16.15.0~dfsg/res/res_srtp.c:653:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char remote_key[key_len];
data/asterisk-16.15.0~dfsg/res/res_srtp.c:817:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char remote_key[SRTP_MAX_KEY_LEN];
data/asterisk-16.15.0~dfsg/res/res_srtp.c:1062:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(crypto->remote_key, remote_key, key_len_from_sdp);
data/asterisk-16.15.0~dfsg/res/res_stasis_device_state.c:179:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char device[DEVICE_STATE_SIZE];
data/asterisk-16.15.0~dfsg/res/res_stasis_device_state.c:294:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[DEVICE_STATE_SIZE];
data/asterisk-16.15.0~dfsg/res/res_stasis_playback.c:144:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uuid[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/res/res_stasis_snoop.c:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uniqueid[AST_MAX_UNIQUEID];
data/asterisk-16.15.0~dfsg/res/res_statsd.c:91:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[MAX_PREFIX + 1];
data/asterisk-16.15.0~dfsg/res/res_statsd.c:167:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char char_value[30];
data/asterisk-16.15.0~dfsg/res/res_statsd.c:225:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char char_value[30];
data/asterisk-16.15.0~dfsg/res/res_statsd.c:234:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char char_value[30];
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:357:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char time_buf[32];
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:360:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash[41];
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:412:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char expiration[32];
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:413:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash[41];
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:439:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash[41];
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:440:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file_path[MAX_PATH_LEN];
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:461:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash[41];
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:476:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash[41];
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:477:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filepath[MAX_PATH_LEN];
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:1259:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char time_buf[32];
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:1260:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash[41];
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:1296:7:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	fd = mkstemp(file_path);
data/asterisk-16.15.0~dfsg/res/res_stir_shaken/curl.c:100:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(header, buffer, realsize);
data/asterisk-16.15.0~dfsg/res/res_stir_shaken/curl.c:156:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char curl_errbuf[CURL_ERROR_SIZE + 1];
data/asterisk-16.15.0~dfsg/res/res_stir_shaken/curl.c:157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash[41];
data/asterisk-16.15.0~dfsg/res/res_stir_shaken/curl.c:163:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	public_key_file = fopen(path, "wb");
data/asterisk-16.15.0~dfsg/res/res_stir_shaken/stir_shaken.c:94:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(path, "r");
data/asterisk-16.15.0~dfsg/res/res_timing_dahdi.c:82:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((timer->fd = open("/dev/dahdi/timer", O_RDWR)) < 0) {
data/asterisk-16.15.0~dfsg/res/res_timing_dahdi.c:180:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open("/dev/dahdi/timer", O_RDWR);
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:933:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char from[XMPP_MAX_JIDLEN];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:998:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char from[XMPP_MAX_JIDLEN], roomid[XMPP_MAX_JIDLEN];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:1296:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:1329:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid_str[20], cachable_str[2];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:1363:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oldmsgs[10], newmsgs[10];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:1808:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s, nick[XMPP_MAX_RESJIDLEN];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:1867:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s, nick[XMPP_MAX_RESJIDLEN];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:1969:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s, nick[XMPP_MAX_RESJIDLEN];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2395:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char priorityS[10];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2610:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[91 + strlen(namespace) + 6 + strlen(to) + 16 + 1];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2661:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ret, buf, len);
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2742:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[41], sidpass[100];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2781:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char combined[len];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2782:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char base64[(len + 2) * 4 / 3];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2911:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char secret[160], shasum[320], message[344];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:3439:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		resource->priority = atoi((iks_find_cdata(pak->x, "priority")) ? iks_find_cdata(pak->x, "priority") : "0");
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:3569:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char attr[XMPP_MAX_ATTRLEN];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:3736:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[NET_IO_BUF_SIZE - 1] = "";
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:3737:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newbuf[NET_IO_BUF_SIZE - 1] = "";
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:3912:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cBuf[1024] = "";
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:3973:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char resource[strlen(cfg->user) + strlen("/asterisk-xmpp") + 1];
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:241:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char string_ret[256];
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:681:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char ret_buf[128];
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:723:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char ret_buf[256];
data/asterisk-16.15.0~dfsg/res/stasis/app.c:304:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context_name[size];
data/asterisk-16.15.0~dfsg/res/stasis/app.c:313:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(context_name, "stasis-");
data/asterisk-16.15.0~dfsg/res/stasis/app.c:961:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context_name[context_size];
data/asterisk-16.15.0~dfsg/res/stasis/app.c:1050:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(context_name, "stasis-");
data/asterisk-16.15.0~dfsg/res/stasis/app.c:1081:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid[20];
data/asterisk-16.15.0~dfsg/res/stasis/control.c:363:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[AST_MAX_CONTEXT];
data/asterisk-16.15.0~dfsg/res/stasis/control.c:364:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char extension[AST_MAX_EXTENSION];
data/asterisk-16.15.0~dfsg/res/stasis/control.c:1575:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dialstring[0];
data/asterisk-16.15.0~dfsg/res/stasis/messaging.c:217:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/res/stasis/messaging.c:296:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/tests/test_app.c:62:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *opt_args[OPT_ARG_ARRAY_SIZE];
data/asterisk-16.15.0~dfsg/tests/test_app.c:65:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char *parse[3];
data/asterisk-16.15.0~dfsg/tests/test_app.c:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[256];
data/asterisk-16.15.0~dfsg/tests/test_astobj2_weaken.c:271:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char value[0];
data/asterisk-16.15.0~dfsg/tests/test_bucket.c:600:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(temporary = fopen(file->path, "w"))) {
data/asterisk-16.15.0~dfsg/tests/test_callerid.c:84:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		RAII_VAR(char *, callerid, ast_strdup(cid_sets[i].cid), ast_free);
data/asterisk-16.15.0~dfsg/tests/test_callerid.c:132:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		RAII_VAR(char *, callerid, ast_strdup(cid_sets[i].cid), ast_free);
data/asterisk-16.15.0~dfsg/tests/test_cdr.c:2125:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char varbuffer[128];
data/asterisk-16.15.0~dfsg/tests/test_cdr.c:2399:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char varbuffer[128];
data/asterisk-16.15.0~dfsg/tests/test_cdr.c:2400:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fork_varbuffer[128];
data/asterisk-16.15.0~dfsg/tests/test_cdr.c:2401:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char answer_time[128];
data/asterisk-16.15.0~dfsg/tests/test_cdr.c:2402:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fork_answer_time[128];
data/asterisk-16.15.0~dfsg/tests/test_cdr.c:2403:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char start_time[128];
data/asterisk-16.15.0~dfsg/tests/test_cdr.c:2404:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fork_start_time[128];
data/asterisk-16.15.0~dfsg/tests/test_cel.c:1702:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(event_dup, event, event_len);
data/asterisk-16.15.0~dfsg/tests/test_config.c:239:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[32];
data/asterisk-16.15.0~dfsg/tests/test_config.c:570:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[32];
data/asterisk-16.15.0~dfsg/tests/test_config.c:712:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[32];
data/asterisk-16.15.0~dfsg/tests/test_config.c:829:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/tests/test_config.c:833:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	config_file = fopen(filename, "w");
data/asterisk-16.15.0~dfsg/tests/test_config.c:858:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/tests/test_config.c:890:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char config_filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/tests/test_config.c:891:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char include_filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/tests/test_config.c:1690:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/asterisk-16.15.0~dfsg/tests/test_config.c:1706:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	config_file = fopen(filename, "w");
data/asterisk-16.15.0~dfsg/tests/test_conversions.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[64];
data/asterisk-16.15.0~dfsg/tests/test_conversions.c:99:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[64];
data/asterisk-16.15.0~dfsg/tests/test_conversions.c:142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[64];
data/asterisk-16.15.0~dfsg/tests/test_conversions.c:189:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[64];
data/asterisk-16.15.0~dfsg/tests/test_conversions.c:232:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[64];
data/asterisk-16.15.0~dfsg/tests/test_conversions.c:280:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[64];
data/asterisk-16.15.0~dfsg/tests/test_core_format.c:196:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		clone_pvt->field_one = atoi(value);
data/asterisk-16.15.0~dfsg/tests/test_core_format.c:198:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		clone_pvt->field_two = atoi(value);
data/asterisk-16.15.0~dfsg/tests/test_db.c:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[sizeof(long_val)] = { 0, };
data/asterisk-16.15.0~dfsg/tests/test_db.c:147:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[256];
data/asterisk-16.15.0~dfsg/tests/test_db.c:175:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[256];
data/asterisk-16.15.0~dfsg/tests/test_db.c:211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[10];
data/asterisk-16.15.0~dfsg/tests/test_db.c:226:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf, "%zu", x);
data/asterisk-16.15.0~dfsg/tests/test_dlinklists.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[10];
data/asterisk-16.15.0~dfsg/tests/test_dlinklists.c:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[1000];
data/asterisk-16.15.0~dfsg/tests/test_dlinklists.c:68:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(buff," <=> ");
data/asterisk-16.15.0~dfsg/tests/test_dlinklists.c:77:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[1000];
data/asterisk-16.15.0~dfsg/tests/test_dlinklists.c:82:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(buff," <=> ");
data/asterisk-16.15.0~dfsg/tests/test_dns.c:429:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char v4_buf[V4_BUFSIZE];
data/asterisk-16.15.0~dfsg/tests/test_dns.c:433:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char v6_buf[V6_BUFSIZE];
data/asterisk-16.15.0~dfsg/tests/test_dns.c:556:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char v4_buf[V4_BUFSIZE];
data/asterisk-16.15.0~dfsg/tests/test_dns.c:677:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char v4_buf[V4_BUFSIZE];
data/asterisk-16.15.0~dfsg/tests/test_dns_naptr.c:65:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, &net_order, sizeof(net_order));
data/asterisk-16.15.0~dfsg/tests/test_dns_naptr.c:68:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, &net_preference, sizeof(net_preference));
data/asterisk-16.15.0~dfsg/tests/test_dns_naptr.c:101:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ans_buffer[1024];
data/asterisk-16.15.0~dfsg/tests/test_dns_naptr.c:122:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char record[128];
data/asterisk-16.15.0~dfsg/tests/test_dns_recurring.c:99:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char addr1_buf[ADDR1_BUFSIZE];
data/asterisk-16.15.0~dfsg/tests/test_dns_recurring.c:103:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char addr2_buf[ADDR2_BUFSIZE];
data/asterisk-16.15.0~dfsg/tests/test_dns_srv.c:56:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, &priority, sizeof(priority));
data/asterisk-16.15.0~dfsg/tests/test_dns_srv.c:61:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, &weight, sizeof(weight));
data/asterisk-16.15.0~dfsg/tests/test_dns_srv.c:66:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, &port, sizeof(port));
data/asterisk-16.15.0~dfsg/tests/test_dns_srv.c:79:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ans_buffer[1024];
data/asterisk-16.15.0~dfsg/tests/test_dns_srv.c:93:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char record[128];
data/asterisk-16.15.0~dfsg/tests/test_expr.c:151:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/asterisk-16.15.0~dfsg/tests/test_file.c:92:8:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
		fd = mkstemp(ast_str_buffer(filename));
data/asterisk-16.15.0~dfsg/tests/test_func_file.c:253:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file[80], expression[256];
data/asterisk-16.15.0~dfsg/tests/test_func_file.c:255:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fbuf[8192];
data/asterisk-16.15.0~dfsg/tests/test_func_file.c:288:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (!(fh = fopen(file, "w"))) {
data/asterisk-16.15.0~dfsg/tests/test_func_file.c:324:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (!(fh = fopen(file, "w"))) {
data/asterisk-16.15.0~dfsg/tests/test_func_file.c:348:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (!(fh = fopen(file, "r"))) {
data/asterisk-16.15.0~dfsg/tests/test_http_media_cache.c:64:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char server_uri[512];
data/asterisk-16.15.0~dfsg/tests/test_http_media_cache.c:93:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file_name[64] = "/tmp/test-media-cache-XXXXXX";
data/asterisk-16.15.0~dfsg/tests/test_http_media_cache.c:105:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[1024];
data/asterisk-16.15.0~dfsg/tests/test_http_media_cache.c:107:8:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
		fd = mkstemp(file_name);
data/asterisk-16.15.0~dfsg/tests/test_http_media_cache.c:121:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(file_name, 0);
data/asterisk-16.15.0~dfsg/tests/test_http_media_cache.c:154:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmbuf[64];
data/asterisk-16.15.0~dfsg/tests/test_http_media_cache.c:227:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[1024];
data/asterisk-16.15.0~dfsg/tests/test_http_media_cache.c:309:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[1024];
data/asterisk-16.15.0~dfsg/tests/test_http_media_cache.c:410:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[1024];
data/asterisk-16.15.0~dfsg/tests/test_http_media_cache.c:451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[1024];
data/asterisk-16.15.0~dfsg/tests/test_http_media_cache.c:501:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[1024];
data/asterisk-16.15.0~dfsg/tests/test_http_media_cache.c:544:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[1024];
data/asterisk-16.15.0~dfsg/tests/test_http_media_cache.c:577:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[1024];
data/asterisk-16.15.0~dfsg/tests/test_jitterbuf.c:120:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/tests/test_jitterbuf.c:136:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/tests/test_jitterbuf.c:152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/asterisk-16.15.0~dfsg/tests/test_json.c:1216:11:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	int fd = mkstemp(template);
data/asterisk-16.15.0~dfsg/tests/test_json.c:1262:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file = fopen(filename, "r");
data/asterisk-16.15.0~dfsg/tests/test_locale.c:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char origlocalformat[200] = "", localformat[200] = "";
data/asterisk-16.15.0~dfsg/tests/test_locale.c:60:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char name[0];
data/asterisk-16.15.0~dfsg/tests/test_logger.c:104:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char level_name[18][8];
data/asterisk-16.15.0~dfsg/tests/test_logger.c:107:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(level_name[x], "level%02u", x);
data/asterisk-16.15.0~dfsg/tests/test_logger.c:212:7:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	fd = mkstemp(tmppath);
data/asterisk-16.15.0~dfsg/tests/test_media_cache.c:197:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file_path[PATH_MAX];
data/asterisk-16.15.0~dfsg/tests/test_media_cache.c:198:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_path_one[PATH_MAX] = "/tmp/test-media-cache-XXXXXX";
data/asterisk-16.15.0~dfsg/tests/test_media_cache.c:199:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_path_two[PATH_MAX] = "/tmp/test-media-cache-XXXXXX";
data/asterisk-16.15.0~dfsg/tests/test_media_cache.c:218:7:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	fd = mkstemp(tmp_path_one);
data/asterisk-16.15.0~dfsg/tests/test_media_cache.c:227:7:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	fd = mkstemp(tmp_path_two);
data/asterisk-16.15.0~dfsg/tests/test_media_cache.c:262:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_path[PATH_MAX] = "/tmp/test-media-cache-XXXXXX";
data/asterisk-16.15.0~dfsg/tests/test_media_cache.c:279:7:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	fd = mkstemp(tmp_path);
data/asterisk-16.15.0~dfsg/tests/test_media_cache.c:314:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_path[PATH_MAX] = "/tmp/test-media-cache-XXXXXX";
data/asterisk-16.15.0~dfsg/tests/test_media_cache.c:315:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file_path[PATH_MAX];
data/asterisk-16.15.0~dfsg/tests/test_media_cache.c:316:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char actual_metadata[32];
data/asterisk-16.15.0~dfsg/tests/test_media_cache.c:337:7:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	fd = mkstemp(tmp_path);
data/asterisk-16.15.0~dfsg/tests/test_message.c:139:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char error_buf[128];
data/asterisk-16.15.0~dfsg/tests/test_netsock2.c:105:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buf[64];
data/asterisk-16.15.0~dfsg/tests/test_netsock2.c:119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *host, *port, buf[128];
data/asterisk-16.15.0~dfsg/tests/test_poll.c:76:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char garbage[256] =
data/asterisk-16.15.0~dfsg/tests/test_poll.c:96:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd[0] = open("/dev/null", O_WRONLY)) < 0) {
data/asterisk-16.15.0~dfsg/tests/test_poll.c:102:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd[1] = open("/dev/zero", O_RDONLY)) < 0) {
data/asterisk-16.15.0~dfsg/tests/test_res_rtp.c:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[320] = "";
data/asterisk-16.15.0~dfsg/tests/test_res_stasis.c:139:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char eid[20];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:136:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:137:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:172:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:173:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:208:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:245:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:282:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:283:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:321:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:322:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:359:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:360:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:398:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:399:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:434:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:435:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:476:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:477:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:478:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char expectedaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:519:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:520:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:558:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:559:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:595:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:596:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:632:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char localaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_security_events.c:633:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char remoteaddr[53];
data/asterisk-16.15.0~dfsg/tests/test_sorcery.c:2943:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char expression[256];
data/asterisk-16.15.0~dfsg/tests/test_sorcery_astdb.c:83:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char value[2];
data/asterisk-16.15.0~dfsg/tests/test_sorcery_memory_cache_thrash.c:242:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char object_id_str[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/tests/test_sorcery_memory_cache_thrash.c:272:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char object_id_str[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:919:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char aggregate_str[30];
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:926:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		accumulated += atoi(test_data->value);
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:936:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		accumulated += atoi(test_data->value);
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:948:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (accumulated == atoi(test_data->value)) {
data/asterisk-16.15.0~dfsg/tests/test_stream.c:231:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char track_label[AST_UUID_STR_LEN + 1];
data/asterisk-16.15.0~dfsg/tests/test_stream.c:322:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char audio_track_label[AST_UUID_STR_LEN + 1];
data/asterisk-16.15.0~dfsg/tests/test_stream.c:323:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char video_track_label[AST_UUID_STR_LEN + 1];
data/asterisk-16.15.0~dfsg/tests/test_strings.c:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char short_string_cat[30];
data/asterisk-16.15.0~dfsg/tests/test_strings.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char long_string_cat[200];
data/asterisk-16.15.0~dfsg/tests/test_strings.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char string_limit_cat[11];
data/asterisk-16.15.0~dfsg/tests/test_strings.c:458:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/asterisk-16.15.0~dfsg/tests/test_substitution.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char workspace[4096];
data/asterisk-16.15.0~dfsg/tests/test_substitution.c:76:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char workspace[4096];
data/asterisk-16.15.0~dfsg/tests/test_substitution.c:102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char workspace[4096];
data/asterisk-16.15.0~dfsg/tests/test_substitution.c:128:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char workspace[4096];
data/asterisk-16.15.0~dfsg/tests/test_substitution.c:157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char workspace[4096];
data/asterisk-16.15.0~dfsg/tests/test_substitution.c:320:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char expression[80];
data/asterisk-16.15.0~dfsg/tests/test_time.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tzfile[50], syscmd[256];
data/asterisk-16.15.0~dfsg/tests/test_utils.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char out[256] = { 0 };
data/asterisk-16.15.0~dfsg/tests/test_utils.c:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char small[4] = { 0 };
data/asterisk-16.15.0~dfsg/tests/test_utils.c:133:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char out[256] = { 0 };
data/asterisk-16.15.0~dfsg/tests/test_utils.c:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char small[4] = { 0 };
data/asterisk-16.15.0~dfsg/tests/test_utils.c:206:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char md5_hash[33];
data/asterisk-16.15.0~dfsg/tests/test_utils.c:251:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char sha1_hash[64];
data/asterisk-16.15.0~dfsg/tests/test_utils.c:293:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[64];
data/asterisk-16.15.0~dfsg/tests/test_utils.c:294:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		ast_base64encode(tmp, (unsigned char *)tests[i].input, strlen(tests[i].input), sizeof(tmp));
data/asterisk-16.15.0~dfsg/tests/test_utils.c:303:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		ast_base64decode((unsigned char *) tmp, tests[i].decoded, (sizeof(tmp) - 1));
data/asterisk-16.15.0~dfsg/tests/test_utils.c:407:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[80] = {};
data/asterisk-16.15.0~dfsg/tests/test_utils.c:534:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char escaped[64];
data/asterisk-16.15.0~dfsg/tests/test_utils.c:607:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		RAII_VAR(char *, escaped, ast_strdup(escape_sets[i].input), ast_free);
data/asterisk-16.15.0~dfsg/tests/test_uuid.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uuid_str[AST_UUID_STR_LEN];
data/asterisk-16.15.0~dfsg/tests/test_vector.c:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char CCC2[4];
data/asterisk-16.15.0~dfsg/tests/test_vector.c:66:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(CCC2, "CCC");
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:379:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg_id_hash[AST_MAX_CONTEXT + AST_MAX_EXTENSION + sizeof(callerid) + 1];
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:380:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg_id_buf[256];
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:448:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char folder_path[PATH_MAX];
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:449:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg_path[PATH_MAX];
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:450:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char snd_path[PATH_MAX];
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char beep_path[PATH_MAX];
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:481:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(msg_file = fopen(msg_path, "w"))) {
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:539:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg_path[PATH_MAX];
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:540:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char snd_path[PATH_MAX];
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:541:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char folder_path[PATH_MAX];
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:971:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *multi_msg_ids[2];
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:1040:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *multi_msg_ids[4];
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:1118:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *multi_msg_ids[2];
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:1158:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *multi_msg_ids[2];
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:1224:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *multi_msg_ids[2];
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:1331:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *multi_msg_ids[4];
data/asterisk-16.15.0~dfsg/tests/test_voicemail_api.c:1418:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *message_id_2345[2];
data/asterisk-16.15.0~dfsg/tests/test_xml_escape.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char actual[256] = "";
data/asterisk-16.15.0~dfsg/utils/ael_main.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[100];
data/asterisk-16.15.0~dfsg/utils/ael_main.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name2[100];
data/asterisk-16.15.0~dfsg/utils/ael_main.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[100];
data/asterisk-16.15.0~dfsg/utils/ael_main.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char registrar[100];
data/asterisk-16.15.0~dfsg/utils/ael_main.c:94:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char last_exten[18000];
data/asterisk-16.15.0~dfsg/utils/ael_main.c:96:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char config_dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/utils/ael_main.c:97:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char var_dir[PATH_MAX];
data/asterisk-16.15.0~dfsg/utils/ael_main.c:525:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(config_dir, "/etc/asterisk");
data/asterisk-16.15.0~dfsg/utils/ael_main.c:528:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(var_dir, "/var/lib/asterisk");
data/asterisk-16.15.0~dfsg/utils/ael_main.c:531:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		dumpfile = fopen("extensions.conf.aeldump","w");
data/asterisk-16.15.0~dfsg/utils/astcanary.c:113:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	for (parent = atoi(argv[2]); parent == getppid() ;) {
data/asterisk-16.15.0~dfsg/utils/astcanary.c:117:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			if ((fd = open(argv[1], O_RDWR | O_TRUNC | O_CREAT, 0777)) > -1) {
data/asterisk-16.15.0~dfsg/utils/astdb2sqlite3.c:109:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char last_key_s[MAX_DB_FIELD];
data/asterisk-16.15.0~dfsg/utils/astdb2sqlite3.c:214:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(dbname, ".sqlite3");
data/asterisk-16.15.0~dfsg/utils/astman.c:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char headers[MAX_HEADERS][MAX_LEN];
data/asterisk-16.15.0~dfsg/utils/astman.c:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char inbuf[MAX_LEN];
data/asterisk-16.15.0~dfsg/utils/astman.c:79:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];
data/asterisk-16.15.0~dfsg/utils/astman.c:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[20];
data/asterisk-16.15.0~dfsg/utils/astman.c:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char context[20];
data/asterisk-16.15.0~dfsg/utils/astman.c:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char priority[20];
data/asterisk-16.15.0~dfsg/utils/astman.c:83:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char callerid[40];
data/asterisk-16.15.0~dfsg/utils/astman.c:84:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char state[10];
data/asterisk-16.15.0~dfsg/utils/astman.c:143:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[4096];
data/asterisk-16.15.0~dfsg/utils/astman.c:156:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmp[80];
data/asterisk-16.15.0~dfsg/utils/astman.c:252:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char event[80] = "";
data/asterisk-16.15.0~dfsg/utils/astman.c:279:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpn[sizeof(chan->name) + sizeof(chan->callerid) + 3 - 1];
data/asterisk-16.15.0~dfsg/utils/astman.c:280:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/asterisk-16.15.0~dfsg/utils/astman.c:320:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(output, s->inbuf, x + 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:413:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[4096];
data/asterisk-16.15.0~dfsg/utils/astman.c:531:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dest[256];
data/asterisk-16.15.0~dfsg/utils/astman.c:534:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char channame[256];
data/asterisk-16.15.0~dfsg/utils/astman.c:535:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[sizeof(tmp_prefix) + sizeof(channame)];
data/asterisk-16.15.0~dfsg/utils/astman.c:569:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80];
data/asterisk-16.15.0~dfsg/utils/astman.c:643:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[55];
data/asterisk-16.15.0~dfsg/utils/astman.c:706:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char md5key[256] = "";
data/asterisk-16.15.0~dfsg/utils/astman.c:708:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				unsigned char digest[16];
data/asterisk-16.15.0~dfsg/utils/astman.c:714:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					len += sprintf(md5key + len, "%02hhx", digest[x]);
data/asterisk-16.15.0~dfsg/utils/check_expr.c:110:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char varname[100]; /* a really ultra-simple, space-wasting linked list of var=val data */
data/asterisk-16.15.0~dfsg/utils/check_expr.c:111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char varval[1000]; /* if any varname is bigger than 100 chars, or val greater than 1000, then **CRASH** */
data/asterisk-16.15.0~dfsg/utils/check_expr.c:194:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char msg[200];
data/asterisk-16.15.0~dfsg/utils/check_expr.c:217:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char msg[200];
data/asterisk-16.15.0~dfsg/utils/check_expr.c:245:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[4096];
data/asterisk-16.15.0~dfsg/utils/check_expr.c:246:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char evalbuf[80000];
data/asterisk-16.15.0~dfsg/utils/check_expr.c:268:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char varname[200];
data/asterisk-16.15.0~dfsg/utils/check_expr.c:317:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *f = fopen(fname,"r");
data/asterisk-16.15.0~dfsg/utils/check_expr.c:318:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *l = fopen("expr2_log","w");
data/asterisk-16.15.0~dfsg/utils/check_expr.c:321:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[30000]; /* I sure hope no expr gets this big! */
data/asterisk-16.15.0~dfsg/utils/check_expr.c:343:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char error_report[30000];
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:163:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:170:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char pattern[0];
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:183:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];				/*!< Name of the context */
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:194:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];				/*!< Name of the application */
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:224:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[1];
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:374:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char timerange[15];
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:375:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char dowrange[10];
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:376:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char domrange[10];
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:377:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char monrange[10];
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:384:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
							char tbuf[20];
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:388:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
							sprintf(tbuf,"%02d:%02d", hr, min);
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:392:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
							sprintf(tbuf,"%02d:%02d", hr, min);
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:418:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
							char tbuf[20];
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:420:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
							sprintf(tbuf,"%d", startbit);
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:423:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
							sprintf(tbuf,"%d", endbit);
data/asterisk-16.15.0~dfsg/utils/conf_bridge_binaural_hrir_importer.c:61:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	binaural_index_start = atoi(argv[2]);
data/asterisk-16.15.0~dfsg/utils/conf_bridge_binaural_hrir_importer.c:62:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	binaural_index_end = atoi(argv[3]);
data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_open.c:204:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((t->bt_fd = open(fname, flags, mode)) < 0)
data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_open.c:411:12:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	if ((fd = mkstemp(path)) != -1)
data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_put.c:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *dest, db[NOVFLSIZE], kb[NOVFLSIZE];
data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/btree.h:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bytes[1];		/* data */
data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/btree.h:184:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bytes[1];		/* data */
data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/btree.h:216:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bytes[1];
data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/hash.c:131:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((hashp->fp = open(file, flags, mode)) == -1)
data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/hash_page.c:870:19:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	if ((hashp->fp = mkstemp(namestr)) != -1) {
data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/ndbm.c:69:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[len];
data/asterisk-16.15.0~dfsg/utils/db1-ast/include/db.h:203:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((char *)a)[0] = ((char *)&_tmp)[3];				\
data/asterisk-16.15.0~dfsg/utils/db1-ast/include/db.h:204:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((char *)a)[1] = ((char *)&_tmp)[2];				\
data/asterisk-16.15.0~dfsg/utils/db1-ast/include/db.h:205:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((char *)a)[2] = ((char *)&_tmp)[1];				\
data/asterisk-16.15.0~dfsg/utils/db1-ast/include/db.h:206:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((char *)a)[3] = ((char *)&_tmp)[0];				\
data/asterisk-16.15.0~dfsg/utils/db1-ast/include/db.h:228:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((char *)a)[0] = ((char *)&_tmp)[1];				\
data/asterisk-16.15.0~dfsg/utils/db1-ast/include/db.h:229:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((char *)a)[1] = ((char *)&_tmp)[0];				\
data/asterisk-16.15.0~dfsg/utils/db1-ast/recno/rec_open.c:69:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (fname != NULL && (rfd = open(fname, flags, mode)) < 0)
data/asterisk-16.15.0~dfsg/utils/db1-ast/recno/rec_put.c:203:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *dest, db[NOVFLSIZE];
data/asterisk-16.15.0~dfsg/utils/extconf.c:215:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *file[AST_MAX_REENTRANCY];
data/asterisk-16.15.0~dfsg/utils/extconf.c:218:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *func[AST_MAX_REENTRANCY];
data/asterisk-16.15.0~dfsg/utils/extconf.c:715:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmt[0];
data/asterisk-16.15.0~dfsg/utils/extconf.c:844:8:  [2] (race) vfork:
  On some old systems, vfork() permits race conditions, and it's very
  difficult to use correctly (CWE-362). Use fork() instead.
	pid = vfork();
data/asterisk-16.15.0~dfsg/utils/extconf.c:890:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/utils/extconf.c:899:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[80];
data/asterisk-16.15.0~dfsg/utils/extconf.c:1039:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/utils/extconf.c:1397:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char record_cache_dir[AST_CACHE_DIR_LEN];
data/asterisk-16.15.0~dfsg/utils/extconf.c:1398:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char debug_filename[AST_FILENAME_MAX];
data/asterisk-16.15.0~dfsg/utils/extconf.c:2063:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/asterisk-16.15.0~dfsg/utils/extconf.c:2123:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char userscontext[AST_MAX_EXTENSION] = "default";
data/asterisk-16.15.0~dfsg/utils/extconf.c:2351:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/utils/extconf.c:2372:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/utils/extconf.c:2383:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stuff[0];
data/asterisk-16.15.0~dfsg/utils/extconf.c:2390:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pattern[0];
data/asterisk-16.15.0~dfsg/utils/extconf.c:2403:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];				/*!< Name of the context */
data/asterisk-16.15.0~dfsg/utils/extconf.c:2414:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];				/*!< Name of the application */
data/asterisk-16.15.0~dfsg/utils/extconf.c:2445:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[1];
data/asterisk-16.15.0~dfsg/utils/extconf.c:2574:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *argv[24];		/* this will only support a maximum of 24 variables being set in a single operation */
data/asterisk-16.15.0~dfsg/utils/extconf.c:2866:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char db[256];
data/asterisk-16.15.0~dfsg/utils/extconf.c:2867:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char table[256];
data/asterisk-16.15.0~dfsg/utils/extconf.c:2913:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exec_file[512];
data/asterisk-16.15.0~dfsg/utils/extconf.c:3010:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char real_inclusion_name[525];
data/asterisk-16.15.0~dfsg/utils/extconf.c:3027:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char cmd[1024];
data/asterisk-16.15.0~dfsg/utils/extconf.c:3123:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/utils/extconf.c:3124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[8192];
data/asterisk-16.15.0~dfsg/utils/extconf.c:3160:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (!(f = fopen(fn, "r"))) {
data/asterisk-16.15.0~dfsg/utils/extconf.c:3392:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date[256]="";
data/asterisk-16.15.0~dfsg/utils/extconf.c:3426:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[256];
data/asterisk-16.15.0~dfsg/utils/extconf.c:3447:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			f1 = fopen(fn,"w");
data/asterisk-16.15.0~dfsg/utils/extconf.c:3459:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((f = fopen(fn, "w+"))) {
data/asterisk-16.15.0~dfsg/utils/extconf.c:3461:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((f = fopen(fn, "w"))) {
data/asterisk-16.15.0~dfsg/utils/extconf.c:3476:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			f = fopen(fn, "a");
data/asterisk-16.15.0~dfsg/utils/extconf.c:3514:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				f = fopen(fn, "a");
data/asterisk-16.15.0~dfsg/utils/extconf.c:3572:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			f = fopen(fn, "a");
data/asterisk-16.15.0~dfsg/utils/extconf.c:5189:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(cp2, whereweare, pos);
data/asterisk-16.15.0~dfsg/utils/extconf.c:5263:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(cp2, cp4, length);
data/asterisk-16.15.0~dfsg/utils/extconf.c:5344:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char realvalue[256];
data/asterisk-16.15.0~dfsg/utils/extconf.c:5385:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char realext[256]="";
data/asterisk-16.15.0~dfsg/utils/extconf.c:5460:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
							ipri += atoi(plus);
data/asterisk-16.15.0~dfsg/utils/frame.c:80:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char blood[8];
data/asterisk-16.15.0~dfsg/utils/frame.c:130:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char str[9];
data/asterisk-16.15.0~dfsg/utils/frame.c:798:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	     in = fopen(infilename, "rt");
data/asterisk-16.15.0~dfsg/utils/frame.c:800:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	     if ((in = fopen(infilename, "rb")) != NULL)
data/asterisk-16.15.0~dfsg/utils/frame.c:822:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	     out = fopen(outfilename, "wt");
data/asterisk-16.15.0~dfsg/utils/frame.c:824:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	     out = fopen(outfilename, "wb");
data/asterisk-16.15.0~dfsg/utils/frame.c:840:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
       in = out = fopen(outfilename, "r+");
data/asterisk-16.15.0~dfsg/utils/muted.c:77:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char host[256] = "";
data/asterisk-16.15.0~dfsg/utils/muted.c:78:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char user[256] = "";
data/asterisk-16.15.0~dfsg/utils/muted.c:79:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pass[256] = "";
data/asterisk-16.15.0~dfsg/utils/muted.c:126:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/asterisk-16.15.0~dfsg/utils/muted.c:131:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen(config, "r");
data/asterisk-16.15.0~dfsg/utils/muted.c:215:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	mixfd = open("/dev/mixer", O_RDWR);
data/asterisk-16.15.0~dfsg/utils/muted.c:271:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[1024];
data/asterisk-16.15.0~dfsg/utils/muted.c:328:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256] = "";
data/asterisk-16.15.0~dfsg/utils/muted.c:631:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char event[120]="";
data/asterisk-16.15.0~dfsg/utils/muted.c:632:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char channel[120]="";
data/asterisk-16.15.0~dfsg/utils/muted.c:633:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oldname[120]="";
data/asterisk-16.15.0~dfsg/utils/muted.c:634:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newname[120]="";
data/asterisk-16.15.0~dfsg/utils/muted.c:738:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char userpath[256];
data/asterisk-16.15.0~dfsg/utils/smsq.c:101:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char ogname[300],
data/asterisk-16.15.0~dfsg/utils/smsq.c:133:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   f = fopen (temp, "w");
data/asterisk-16.15.0~dfsg/utils/smsq.c:201:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char dirname[100],
data/asterisk-16.15.0~dfsg/utils/smsq.c:215:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char filename[1010];
data/asterisk-16.15.0~dfsg/utils/smsq.c:216:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char line[1000];
data/asterisk-16.15.0~dfsg/utils/smsq.c:223:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
         f = fopen (temp, "r");
data/asterisk-16.15.0~dfsg/utils/smsq.c:270:76:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
               else if ((!strcmp (line, "srr") || !strcmp (line, "rp")) && atoi (p))
data/asterisk-16.15.0~dfsg/utils/smsq.c:325:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char tmp[481];
data/asterisk-16.15.0~dfsg/utils/smsq.c:390:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf (tmp + n, "%02hX", ud[x]);
data/asterisk-16.15.0~dfsg/utils/smsq.c:397:16:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
               sprintf (tmp + n, "%04hX", ud[x]);
data/asterisk-16.15.0~dfsg/utils/smsq.c:623:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      unsigned char dat[1204],
data/asterisk-16.15.0~dfsg/utils/smsq.c:629:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
         f = open (udfile, O_RDONLY);
data/asterisk-16.15.0~dfsg/utils/smsq.c:680:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char temp[100],
data/asterisk-16.15.0~dfsg/utils/smsq.c:688:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      f = fopen (temp, "w");
data/asterisk-16.15.0~dfsg/utils/stereorize.c:41:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char *filename[2], *tempname;
data/asterisk-16.15.0~dfsg/utils/stereorize.c:67:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	   channel[i] = fopen(filename[i], "rb");
data/asterisk-16.15.0~dfsg/utils/stereorize.c:91:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
       out = fopen(outfilename, "wb");
data/asterisk-16.15.0~dfsg/utils/streamplayer.c:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[2048];
data/asterisk-16.15.0~dfsg/utils/streamplayer.c:89:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	sin.sin_port = htons(atoi(argv[2]));
data/asterisk-16.15.0~dfsg/addons/app_mysql.c:307:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		var = ast_alloca(6 + strlen(args.variable) + 1);
data/asterisk-16.15.0~dfsg/addons/app_mysql.c:354:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(args.dbcharset && strlen(args.dbcharset) > 2){
data/asterisk-16.15.0~dfsg/addons/app_mysql.c:591:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncasecmp("connect", data, strlen("connect")) == 0) {
data/asterisk-16.15.0~dfsg/addons/app_mysql.c:593:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (strncasecmp("query", data, strlen("query")) == 0) {
data/asterisk-16.15.0~dfsg/addons/app_mysql.c:595:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (strncasecmp("nextresult", data, strlen("nextresult")) == 0) {
data/asterisk-16.15.0~dfsg/addons/app_mysql.c:597:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (strncasecmp("fetch", data, strlen("fetch")) == 0) {
data/asterisk-16.15.0~dfsg/addons/app_mysql.c:599:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (strncasecmp("clear", data, strlen("clear")) == 0) {
data/asterisk-16.15.0~dfsg/addons/app_mysql.c:601:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (strncasecmp("disconnect", data, strlen("disconnect")) == 0) {
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:343:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ast_str_make_space(&escape, (valsz = strlen(value)) * 2 + 1);
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:548:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (item[0] == '"' && item[strlen(item) - 1] == '"') {
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:550:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					item[strlen(item) - 1] = '\0';
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:557:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		entry = ast_calloc(sizeof(char), sizeof(*entry) + strlen(row[0]) + 1 + strlen(cdrvar) + 1 + strlen(staticvalue) + 1 + strlen(row[1]) + 1);
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:557:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		entry = ast_calloc(sizeof(char), sizeof(*entry) + strlen(row[0]) + 1 + strlen(cdrvar) + 1 + strlen(staticvalue) + 1 + strlen(row[1]) + 1);
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:557:95:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		entry = ast_calloc(sizeof(char), sizeof(*entry) + strlen(row[0]) + 1 + strlen(cdrvar) + 1 + strlen(staticvalue) + 1 + strlen(row[1]) + 1);
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:557:121:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		entry = ast_calloc(sizeof(char), sizeof(*entry) + strlen(row[0]) + 1 + strlen(cdrvar) + 1 + strlen(staticvalue) + 1 + strlen(row[1]) + 1);
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:568:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			entry->cdrname = entry->name + strlen(row[0]) + 1;
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:575:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			entry->staticvalue = entry->cdrname + strlen(entry->cdrname) + 1;
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:577:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_debug(1, "staticvalue length: %d\n", (int) strlen(staticvalue) );
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:578:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			entry->type = entry->staticvalue + strlen(entry->staticvalue) + 1;
data/asterisk-16.15.0~dfsg/addons/cdr_mysql.c:580:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			entry->type = entry->cdrname + strlen(entry->cdrname) + 1;
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:1136:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((r = read(pvt->sco_socket, pvt->fr.data.ptr, DEVICE_FRAME_SIZE)) == -1) {
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:1437:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return rfcomm_write_full(rsock, buf, strlen(buf));
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:1527:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if ((res = read(rsock, result, 1)) < 1) {
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:1568:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((res = read(rsock, &c, 1)) == 1) {
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:1767:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((res = read(rsock, &c, 1)) == 1) {
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2004:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return !strncmp(buf, prefix, strlen(prefix));
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2361:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s = strlen(buf);
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2426:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s = strlen(buf);
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2779:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s = strlen(buf);
data/asterisk-16.15.0~dfsg/addons/chan_mobile.c:2830:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s = strlen(buf);
data/asterisk-16.15.0~dfsg/addons/chan_ooh323.c:1072:50:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	for (i=0;i<480 && !isRunning(p->callToken);i++) usleep(12000);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/decode.c:205:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         ASN1UINT nchars = strlen (charSet);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/encode.c:406:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   ASN1UINT i, len = strlen(string);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/encode.c:433:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ASN1UINT nchars = strlen(charSet), pos;
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/encode.c:942:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   ASN1UINT    len = strlen (value);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:93:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      char* tmpstr = ast_malloc(strlen(errprm_p) + 1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/errmgmt.c:165:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  j += strlen (pErrInfo->parms[pcnt++]);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:77:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
     strncpy(call->ourCallerId, gH323ep.callerid, sizeof(call->ourCallerId)-1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:126:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                         strlen(gH323ep.callingPartyNumber)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:392:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy(call->ourCallerId, callerid, sizeof(call->ourCallerId)-1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:402:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   call->callingPartyNumber = (char*) memAlloc(call->pctxt, strlen(number)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:425:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(len>(int)strlen(call->callingPartyNumber))
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:441:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   call->calledPartyNumber = (char*) memAlloc(call->pctxt, strlen(number)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:459:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(len>(int)strlen(call->calledPartyNumber))
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCalls.c:490:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   psNewAlias->value = (char*) memAlloc(call->pctxt, strlen(value)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCapability.c:808:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      events = (char*)memAllocZ(pctxt, strlen("0-16")+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:160:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   recvLen = read(gH323ep.cmdSock, buffer, MAXMSGLEN);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:287:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    recvLen = read(call->cmdSock, buffer, MAXMSGLEN);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:290:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    recvLen = read(call->cmdSock, buffer, MAXMSGLEN);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooCmdChannel.c:400:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
     			strncpy(call->ourCallerId, cmd.param2, sizeof(call->ourCallerId)-1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:235:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         if(strlen(szGkAddr)>MAX_IP_LEN)
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:356:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pVendor->productId.numocts = ASN1MIN(strlen(gH323ep.productID),
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:364:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pVendor->versionId.numocts = ASN1MIN(strlen(gH323ep.versionID),
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:398:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if((strncmp(pGkClient->gkRasIP, remoteHost,strlen(pGkClient->gkRasIP)))||
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooGkClient.c:2558:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                         strlen("Call Ended");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:349:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if(host && strlen(host) < (unsigned)len)
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:392:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       memcpy(destAddr, host, strlen(host) + 1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:493:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen(host) < (hostBufLen-1))
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:695:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         pName = (char*)memAlloc(pctxt, strlen(ifName->ifr_name)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:737:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         pIf->addr = (char*)memAlloc(pctxt, strlen(addr)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooSocket.c:761:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         pIf->mask = (char*)memAlloc(pctxt, strlen(mask)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:42:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if ((strlen(aCallToken)+1) < size)
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:82:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param1 = ast_malloc(strlen(dest)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:90:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param2 = ast_malloc(strlen(callToken)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:152:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param1 = ast_malloc(strlen(dest)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:158:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.plen1 = strlen(dest);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:161:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param2 = ast_malloc(strlen(callToken)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:169:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.plen2 = strlen(callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:226:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param1 = ast_malloc(strlen(callToken)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:232:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.plen1 = strlen(callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:270:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param1 = ast_malloc(strlen(callToken)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:276:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.plen1 = strlen(callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:312:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param1 = ast_malloc(strlen(callToken)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:318:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.plen1 = strlen(callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:353:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param1 = ast_malloc(strlen(callToken)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:354:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param2 = ast_malloc(strlen(dest)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:362:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.plen1 = strlen(callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:364:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.plen2 = strlen(dest);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:402:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param1 = ast_malloc(strlen(callToken)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:413:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.plen1 = strlen(callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:476:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param1 = ast_malloc(strlen(callToken)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:477:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param2 = ast_malloc(strlen(dtmf)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:485:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.plen1 = strlen(callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:487:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.plen2 = strlen(dtmf);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:524:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param1 = ast_malloc(strlen(callToken)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:525:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param2 = ast_malloc(strlen(ani)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:533:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.plen1 = strlen(callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:535:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.plen2 = strlen(ani);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:575:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param1 = ast_malloc(strlen(callToken) + 1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:576:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param2 = ast_malloc(strlen(localIP) + 1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:591:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.plen1 = strlen(callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:593:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.plen2 = strlen(localIP);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:634:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.param1 = ast_malloc(strlen(callToken)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooStackCmds.c:643:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   cmd.plen1 = strlen(callToken);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/oochannels.c:457:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	memcpy(call->remoteIP, remoteIP, strlen(remoteIP) + 1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh245.c:3543:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                              memAlloc(pctxt, strlen(data)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh245.c:3605:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                              memAlloc(pctxt, strlen(data)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:55:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(call->remoteDisplayName, (char *)pDisplayIE->data, pDisplayIE->length*sizeof(ASN1OCTET));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:416:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(call->remoteDisplayName, (char *)pDisplayIE->data, pDisplayIE->length*sizeof(ASN1OCTET));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:433:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                    strlen(pAlias->value)*+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:463:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                    strlen(pAlias->value)*+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:539:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if (strncmp(remoteIP, call->remoteIP, strlen(remoteIP))) {
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2234:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         strlen(pAliasAddress->u.dialedDigits)*sizeof(char)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2245:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen(pAliasAddress->u.dialedDigits)*sizeof(char));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2246:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         newAlias->value[strlen(pAliasAddress->u.dialedDigits)*sizeof(char)]='\0';
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2273:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              strlen(pAliasAddress->u.url_ID)*sizeof(char)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2284:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen(pAliasAddress->u.url_ID)*sizeof(char));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2285:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         newAlias->value[strlen(pAliasAddress->u.url_ID)*sizeof(char)]='\0';
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2296:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	 sprintf(newAlias->value+strlen(newAlias->value), ":%d", pTransportAddrss->u.ip6Address->port);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2317:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen(pAliasAddress->u.email_ID)*sizeof(char)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2328:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              strlen(pAliasAddress->u.email_ID)*sizeof(char));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2329:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         newAlias->value[strlen(pAliasAddress->u.email_ID)*sizeof(char)]='\0';
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2375:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                     strlen(pAlias->value)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2432:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                     strlen(pAlias->value)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2445:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pAliasEntry->u.h323_ID.nchars = strlen(pAlias->value);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2447:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     (pctxt, strlen(pAlias->value)*sizeof(ASN116BITCHAR));
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2462:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                     strlen(pAlias->value)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2475:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                     strlen(pAlias->value)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2560:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      newAlias->value = (char*) memAlloc(pctxt, strlen(pAliasAddress->u.dialedDigits)*sizeof(char)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2580:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen(pAliasAddress->u.url_ID)*sizeof(char)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2593:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       sprintf(newAlias->value+strlen(newAlias->value), ":%d", pTransportAddrss->u.ip6Address->port);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323.c:2614:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 strlen(pAliasAddress->u.email_ID)*sizeof(char)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:47:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen(tracefile)>= MAXFILENAME)
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:187:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   psNewAlias->value = (char*) memAlloc(&gH323ep.ctxt, strlen(h323id)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:214:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   psNewAlias->value = (char*) memAlloc(&gH323ep.ctxt, strlen(dialedDigits)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:240:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   psNewAlias->value = (char*) memAlloc(&gH323ep.ctxt, strlen(url)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:266:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   psNewAlias->value = (char*) memAlloc(&gH323ep.ctxt, strlen(email)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:293:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   psNewAlias->value = (char*) memAlloc(&gH323ep.ctxt, strlen(ipaddress)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:489:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      char* pstr = (char*) memAlloc (&gH323ep.ctxt, strlen(productID)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:502:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      char* pstr = (char*) memAlloc (&gH323ep.ctxt, strlen(versionID)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:515:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      char* pstr = (char*) memAlloc (&gH323ep.ctxt, strlen(callerID)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooh323ep.c:530:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(gH323ep.callingPartyNumber, number,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:436:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if ((strlen(aCallToken)+1) < size)
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:774:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ieLen = strlen(call->ourCallerId)+1;
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1429:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      vendor->productId.numocts = ASN1MIN(strlen(gH323ep.productID),
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1431:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy((char *)vendor->productId.data, gH323ep.productID,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1437:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      vendor->versionId.numocts = ASN1MIN(strlen(gH323ep.versionID),
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1439:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy((char *)vendor->versionId.data, gH323ep.versionID,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1551:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      vendor->productId.numocts = ASN1MIN(strlen(gH323ep.productID),
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1553:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy((char *)vendor->productId.data, gH323ep.productID,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1559:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      vendor->versionId.numocts = ASN1MIN(strlen(gH323ep.versionID),
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1561:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy((char *)vendor->versionId.data, gH323ep.versionID,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1664:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      vendor->productId.numocts = ASN1MIN(strlen(gH323ep.productID),
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1666:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy((char *)vendor->productId.data, gH323ep.productID,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1672:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      vendor->versionId.numocts = ASN1MIN(strlen(gH323ep.versionID),
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:1674:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy((char *)vendor->versionId.data, gH323ep.versionID,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2304:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      vendor->productId.numocts = ASN1MIN(strlen(gH323ep.productID),
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2306:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy((char *)vendor->productId.data, gH323ep.productID,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2312:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      vendor->versionId.numocts = ASN1MIN(strlen(gH323ep.versionID),
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2314:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy((char *)vendor->versionId.data, gH323ep.versionID,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2444:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pNewAlias->value = (char*) memAllocZ(pctxt, strlen(alias->value)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2758:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                   strlen(pAlias->value)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2852:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              strlen(gH323ep.productID),
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2854:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy((char*)setup->sourceInfo.vendor.productId.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2864:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              strlen(gH323ep.versionID),
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:2866:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy((char*)setup->sourceInfo.vendor.versionId.data,
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3511:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   len = strlen(data);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3542:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   len = strlen(number);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3572:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   len = strlen(number);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3976:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen(buf)+1>len)
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3989:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen(dest)+7>len)
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:3996:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat(parsedIP, ":");
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:4002:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy(tmp, dest, sizeof(tmp)-1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:4019:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         if(strlen(buf)+1>len)
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:4026:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
         strncpy(parsedIP, buf, len-1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:4046:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      psNewAlias->value = (char*) memAlloc(pctxt, strlen(alias)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:4073:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         psNewAlias->value = (char*) memAlloc(pctxt, strlen(alias)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:4109:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      psNewAlias->value = (char*) memAlloc(pctxt, strlen(alias)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323c/src/ooq931.c:4141:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   psNewAlias->value = (char*) memAlloc(pctxt, strlen(alias)+1);
data/asterisk-16.15.0~dfsg/addons/ooh323cDriver.c:104:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		res = read(mycthread->thePipe[0], &c, 1);
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:55:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		struct ast_str *semi = ast_str_thread_get(&scratch2_buf, strlen(var) * 3 + 1); \
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:143:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(whichdb, database, ptr - database);
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:215:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(table = ast_calloc(1, sizeof(*table) + strlen(tablename) + 1))) {
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:238:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!(column = ast_calloc(1, sizeof(*column) + strlen(fname) + strlen(ftype) + strlen(fdflt) + 3))) {
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:238:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!(column = ast_calloc(1, sizeof(*column) + strlen(fname) + strlen(ftype) + strlen(fdflt) + 3))) {
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:238:83:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!(column = ast_calloc(1, sizeof(*column) + strlen(fname) + strlen(ftype) + strlen(fdflt) + 3))) {
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:254:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			column->type = (char *)column + sizeof(*column) + strlen(fname) + 1;
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:255:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			column->dflt = (char *)column + sizeof(*column) + strlen(fname) + 1 + strlen(ftype) + 1;
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:255:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			column->dflt = (char *)column + sizeof(*column) + strlen(fname) + 1 + strlen(ftype) + 1;
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:298:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(chunk + 1, chunk + 3, strlen(chunk + 3) + 1);
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:1222:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!(cur = ast_calloc(1, sizeof(*cur) + strlen(catg) + 1))) {
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:1341:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if(strlen(conn->charset) > 2){
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:1370:42:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		if (mysql_ping(&conn->handle) != 0 && (usleep(1) + 2 > 0) && mysql_ping(&conn->handle) != 0) {
data/asterisk-16.15.0~dfsg/addons/res_config_mysql.c:1410:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		l = strlen(a->word);
data/asterisk-16.15.0~dfsg/agi/eagi-sphinx-test.c:87:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buf[strlen(buf) - 1] = '\0';
data/asterisk-16.15.0~dfsg/agi/eagi-sphinx-test.c:89:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strlen(buf))
data/asterisk-16.15.0~dfsg/agi/eagi-sphinx-test.c:142:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			astresp[strlen(astresp) - 1] = '\0';
data/asterisk-16.15.0~dfsg/agi/eagi-sphinx-test.c:147:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			res = read(AUDIO_FILENO, audiobuf, sizeof(audiobuf));
data/asterisk-16.15.0~dfsg/agi/eagi-sphinx-test.c:155:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			res = read(sphinx_sock, sphinxresp, sizeof(sphinxresp));
data/asterisk-16.15.0~dfsg/agi/eagi-test.c:36:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buf[strlen(buf) - 1] = '\0';
data/asterisk-16.15.0~dfsg/agi/eagi-test.c:38:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strlen(buf))
data/asterisk-16.15.0~dfsg/agi/eagi-test.c:84:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			astresp[strlen(astresp) - 1] = '\0';
data/asterisk-16.15.0~dfsg/agi/eagi-test.c:89:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			res = read(AUDIO_FILENO, audiobuf, sizeof(audiobuf));
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:198:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((strlen(src) > 1) && src[0] == '\"') {
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:204:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (maxlen > strlen(src) - 1)
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:205:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			maxlen = strlen(src) - 1;
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:218:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if ((strlen(src) > 2) && (src[0] == '0') && (tolower(src[1]) == 'x')) {
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1103:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(tmp2) > 18) {
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1107:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(tmp) > 7) {
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1116:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memcpy(state->key->retstr + 3, tmp2, strlen(tmp2));
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1118:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			state->key->retstrlen = strlen(tmp2) + 3;
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1122:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memcpy(state->key->retstr + state->key->retstrlen, tmp, strlen(tmp));
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1124:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			state->key->retstrlen += strlen(tmp);
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1222:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(tmp) > 20) {
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1226:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memcpy(disp->data + 5, tmp, strlen(tmp));
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1227:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			disp->datalen = strlen(tmp) + 5;
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1233:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(tmp) > 20) {
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1237:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				memcpy(disp->data + disp->datalen, tmp, strlen(tmp));
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1238:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				disp->datalen += strlen(tmp);
data/asterisk-16.15.0~dfsg/apps/app_adsiprog.c:1400:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			buf[strlen(buf) - 1] = '\0';
data/asterisk-16.15.0~dfsg/apps/app_agent_pool.c:421:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(cfg_left->username, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/apps/app_agent_pool.c:836:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(agent_left->username, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/apps/app_agent_pool.c:1815:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		AST_BRIDGE_CHANNEL_CB_OPTION_MEDIA, agent_alert, agent_id, strlen(agent_id) + 1);
data/asterisk-16.15.0~dfsg/apps/app_agent_pool.c:2500:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				|| !strncasecmp("soft", a->word, strlen(a->word)))) {
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:413:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(workstring, event_file, sizeof(workstring) - strlen(workstring) - 1);
data/asterisk-16.15.0~dfsg/apps/app_alarmreceiver.c:413:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(workstring, event_file, sizeof(workstring) - strlen(workstring) - 1);
data/asterisk-16.15.0~dfsg/apps/app_authenticate.c:203:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				len = strlen(buf) - 1;
data/asterisk-16.15.0~dfsg/apps/app_bridgeaddchan.c:75:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(c_ref = ast_channel_get_by_name_prefix(data, strlen(data)))) {
data/asterisk-16.15.0~dfsg/apps/app_bridgewait.c:174:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(left->name, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/apps/app_bridgewait.c:323:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	bridge_wrapper = ao2_alloc_options(sizeof(*bridge_wrapper) + strlen(bridge_name) + 1,
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:863:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	const size_t pseudo_len = strlen("DAHDI/pseudo");
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:887:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mailbox_id = ast_alloca(strlen(mailbox) + strlen(context) + 2);
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:887:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mailbox_id = ast_alloca(strlen(mailbox) + strlen(context) + 2);
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:961:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				iter = ast_channel_iterator_by_name_new(spec, strlen(spec));
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1104:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(peer_name, ast_channel_name(autochan->chan), AST_NAME_STRLEN - 4 - 1);
data/asterisk-16.15.0~dfsg/apps/app_chanspy.c:1165:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if ((next = ast_channel_get_by_name_prefix(nameprefix, strlen(nameprefix)))) {
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:488:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncasecmp(left->name, right_name, strlen(right_name));
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:2115:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	aptd = ast_malloc(sizeof(*aptd) + strlen(filename) + 1);
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:2422:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	atd = ast_malloc(sizeof(*atd) + strlen(filename) + 1);
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:2560:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(args.conf_name) >= MAX_CONF_NAME) {
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:3252:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:3275:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:3513:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strlen(chan_name));
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:3526:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strlen(chan_name));
data/asterisk-16.15.0~dfsg/apps/app_confbridge.c:4145:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strncmp(channel, ast_channel_name(user->chan), strlen(channel))) {
data/asterisk-16.15.0~dfsg/apps/app_dahdiras.c:111:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	while(c && strlen(c) && (argc < (PPP_MAX_ARGS - 4))) {
data/asterisk-16.15.0~dfsg/apps/app_dial.c:1866:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(disconnect_code) > ast_str_strlen(*featurecode)) {
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2522:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		tech_len = strlen(tech) + 1;
data/asterisk-16.15.0~dfsg/apps/app_dial.c:2523:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		number_len = strlen(number) + 1;
data/asterisk-16.15.0~dfsg/apps/app_dictate.c:150:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(base) + strlen(filein) + 2;
data/asterisk-16.15.0~dfsg/apps/app_dictate.c:150:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(base) + strlen(filein) + 2;
data/asterisk-16.15.0~dfsg/apps/app_directed_pickup.c:195:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pickup_args.len = strlen(channame);
data/asterisk-16.15.0~dfsg/apps/app_directed_pickup.c:202:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pickup_args.len = strlen(channame) + 1;
data/asterisk-16.15.0~dfsg/apps/app_directed_pickup.c:205:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(chkchan, "-");
data/asterisk-16.15.0~dfsg/apps/app_directed_pickup.c:382:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pickup_args.len = strlen(part);
data/asterisk-16.15.0~dfsg/apps/app_directory.c:292:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mailbox_id = ast_alloca(strlen(ext) + strlen(context) + 2);
data/asterisk-16.15.0~dfsg/apps/app_directory.c:292:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mailbox_id = ast_alloca(strlen(ext) + strlen(context) + 2);
data/asterisk-16.15.0~dfsg/apps/app_directory.c:595:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (namelen > sizeof(item->key) - strlen(item->key) - 1)
data/asterisk-16.15.0~dfsg/apps/app_directory.c:596:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			namelen = sizeof(item->key) - strlen(item->key) - 1;
data/asterisk-16.15.0~dfsg/apps/app_directory.c:597:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(item->key, item_fullname, namelen);
data/asterisk-16.15.0~dfsg/apps/app_disa.c:271:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							if (pwline[strlen(pwline) - 1] == '\n')
data/asterisk-16.15.0~dfsg/apps/app_disa.c:272:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								pwline[strlen(pwline) - 1] = 0;
data/asterisk-16.15.0~dfsg/apps/app_externalivr.c:168:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_iostream_write(stream, ast_str_buffer(tmp), strlen(ast_str_buffer(tmp)));
data/asterisk-16.15.0~dfsg/apps/app_externalivr.c:319:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int outstrlen = strlen(outbuf);
data/asterisk-16.15.0~dfsg/apps/app_externalivr.c:384:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(entry = ast_calloc(1, sizeof(*entry) + strlen(filename) + 10))) /* XXX why 10 ? */
data/asterisk-16.15.0~dfsg/apps/app_externalivr.c:733:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(input) < 3) {
data/asterisk-16.15.0~dfsg/apps/app_festival.c:108:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		n = read(fd, &c, 1);
data/asterisk-16.15.0~dfsg/apps/app_festival.c:246:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				res = read(fds[0], myf.frdata, needed);
data/asterisk-16.15.0~dfsg/apps/app_festival.c:357:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strln = strlen(startcmd) + strlen(args.text) + strlen(endcmd) + 1;
data/asterisk-16.15.0~dfsg/apps/app_festival.c:357:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strln = strlen(startcmd) + strlen(args.text) + strlen(endcmd) + 1;
data/asterisk-16.15.0~dfsg/apps/app_festival.c:357:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strln = strlen(startcmd) + strlen(args.text) + strlen(endcmd) + 1;
data/asterisk-16.15.0~dfsg/apps/app_festival.c:363:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		newfestivalcommand = ast_alloca(strlen(festivalcommand) + strlen(args.text) + 1);
data/asterisk-16.15.0~dfsg/apps/app_festival.c:363:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		newfestivalcommand = ast_alloca(strlen(festivalcommand) + strlen(args.text) + 1);
data/asterisk-16.15.0~dfsg/apps/app_festival.c:365:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		for (x = 0, j = 0; x < strlen(festivalcommand); x++) {
data/asterisk-16.15.0~dfsg/apps/app_festival.c:374:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				j += strlen(args.text);
data/asterisk-16.15.0~dfsg/apps/app_festival.c:424:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	MD5Update(&md5ctx, (unsigned char *)args.text, strlen(args.text));
data/asterisk-16.15.0~dfsg/apps/app_festival.c:432:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(MD5Hex, koko, sizeof(MD5Hex) - strlen(MD5Hex) - 1);
data/asterisk-16.15.0~dfsg/apps/app_festival.c:432:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(MD5Hex, koko, sizeof(MD5Hex) - strlen(MD5Hex) - 1);
data/asterisk-16.15.0~dfsg/apps/app_festival.c:436:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cachedir) + strlen(MD5Hex) + 1 <= MAXFESTLEN && (usecache == -1)) {
data/asterisk-16.15.0~dfsg/apps/app_festival.c:436:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cachedir) + strlen(MD5Hex) + 1 <= MAXFESTLEN && (usecache == -1)) {
data/asterisk-16.15.0~dfsg/apps/app_festival.c:443:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strln = strlen(args.text);
data/asterisk-16.15.0~dfsg/apps/app_festival.c:455:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    			if (read(fdesc,&strln,sizeof(int)) != sizeof(int)) {
data/asterisk-16.15.0~dfsg/apps/app_festival.c:458:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_debug(1, "Cache file exists, strln=%d, strlen=%d\n", strln, (int)strlen(args.text));
data/asterisk-16.15.0~dfsg/apps/app_festival.c:459:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(args.text) == strln) {
data/asterisk-16.15.0~dfsg/apps/app_festival.c:461:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    				if (read(fdesc,&bigstring,strln) != strln) {
data/asterisk-16.15.0~dfsg/apps/app_festival.c:492:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		while ((strln = read(fd, buffer, 16384)) != 0) {
data/asterisk-16.15.0~dfsg/apps/app_festival.c:510:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			read_data = read(fd, ack + n, 3 - n);
data/asterisk-16.15.0~dfsg/apps/app_followme.c:538:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				char copy[strlen(var->value) + 1];
data/asterisk-16.15.0~dfsg/apps/app_followme.c:988:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					cmp_len = strlen(tpargs->takecall);
data/asterisk-16.15.0~dfsg/apps/app_followme.c:995:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					cmp_len = strlen(tpargs->nextindp);
data/asterisk-16.15.0~dfsg/apps/app_followme.c:1568:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					targs->suggested_moh, strlen(targs->suggested_moh) + 1);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:1730:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(word);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:1751:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(word);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:1772:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int len = strlen(word);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:1819:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(word);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:1845:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(word);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:2344:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:2567:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(currenttime, "0"); /* Seconds needs to be 00 */
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3499:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			"confno", strlen(conf->confno) > 7 ? RQ_UINTEGER4 : strlen(conf->confno) > 4 ? RQ_UINTEGER3 : RQ_UINTEGER2, strlen(conf->confno),
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3499:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			"confno", strlen(conf->confno) > 7 ? RQ_UINTEGER4 : strlen(conf->confno) > 4 ? RQ_UINTEGER3 : RQ_UINTEGER2, strlen(conf->confno),
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3499:112:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			"confno", strlen(conf->confno) > 7 ? RQ_UINTEGER4 : strlen(conf->confno) > 4 ? RQ_UINTEGER3 : RQ_UINTEGER2, strlen(conf->confno),
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:3500:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			"members", RQ_UINTEGER1, strlen(members),
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4299:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				res = read(outfd, buf, CONF_SIZE);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4459:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					"confno", strlen(conf->confno) > 7 ? RQ_UINTEGER4 : strlen(conf->confno) > 4 ? RQ_UINTEGER3 : RQ_UINTEGER2, strlen(conf->confno),
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4459:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					"confno", strlen(conf->confno) > 7 ? RQ_UINTEGER4 : strlen(conf->confno) > 4 ? RQ_UINTEGER3 : RQ_UINTEGER2, strlen(conf->confno),
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4459:114:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					"confno", strlen(conf->confno) > 7 ? RQ_UINTEGER4 : strlen(conf->confno) > 4 ? RQ_UINTEGER3 : RQ_UINTEGER2, strlen(conf->confno),
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4460:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					"members", RQ_UINTEGER1, strlen(members),
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:4886:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			strcpy(the_pin, "q");
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:5080:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							res = ast_app_getdata(chan, "conf-getpin", pin + strlen(pin), sizeof(pin) - 1 - strlen(pin), 0);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:5080:88:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							res = ast_app_getdata(chan, "conf-getpin", pin + strlen(pin), sizeof(pin) - 1 - strlen(pin), 0);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:7147:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(conf_name, ",K", sizeof(conf_name) - strlen(conf_name) - 1);
data/asterisk-16.15.0~dfsg/apps/app_meetme.c:7147:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(conf_name, ",K", sizeof(conf_name) - strlen(conf_name) - 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1382:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_str_encode_mime(&str2, 0, template->charset, ast_str_buffer(str1), strlen("From: "), strlen(who) + 3);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1382:93:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_str_encode_mime(&str2, 0, template->charset, ast_str_buffer(str1), strlen("From: "), strlen(who) + 3);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1407:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ast_str_encode_mime(&str2, 0, template->charset, vmu->fullname, strlen("To: "), strlen(email) + 3);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1407:83:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ast_str_encode_mime(&str2, 0, template->charset, vmu->fullname, strlen("To: "), strlen(email) + 3);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:1425:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_str_encode_mime(&str2, 0, template->charset, ast_str_buffer(str1), strlen("Subject: "), 0);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2353:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
				strncat(ecodes, "0", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2353:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(ecodes, "0", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2358:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
			strncat(ecodes, "0", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2358:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(ecodes, "0", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2364:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
			strncat(ecodes, "0", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2364:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(ecodes, "0", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2372:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
			strncat(ecodes, "*", sizeof(ecodes) -  strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2372:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(ecodes, "*", sizeof(ecodes) -  strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2376:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
		strncat(ecodes, "*", sizeof(ecodes) -  strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2376:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(ecodes, "*", sizeof(ecodes) -  strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2380:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
		strncat(ecodes, "*", sizeof(ecodes) -  strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2380:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(ecodes, "*", sizeof(ecodes) -  strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2525:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!error && strlen(argv[1]) > 1) {
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2655:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char varname[strlen(var->value) + 1];
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2767:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		writepos += strlen(readbuf) - 1;
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2770:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	messagebody = ast_calloc(1, strlen(buf + 1));
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2771:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_copy_string(messagebody, buf, strlen(buf) + 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2772:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_debug(4, "---> Size of allocation %d\n", (int) strlen(buf + 1) );
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2787:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	       int len = strlen("\n");
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2790:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      memmove(tmpwrite + len, tmpwrite + 2, strlen(tmpwrite + 2) + 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:2794:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      memmove(tmpwrite + len, tmpwrite + 2, strlen(tmpwrite + 2) + 1);
data/asterisk-16.15.0~dfsg/apps/app_minivm.c:3055:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:1019:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char *build = ast_alloca(strlen(ast_config_AST_MONITOR_DIR) + strlen(filename) + 3);
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:1019:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char *build = ast_alloca(strlen(ast_config_AST_MONITOR_DIR) + strlen(filename) + 3);
data/asterisk-16.15.0~dfsg/apps/app_mixmonitor.c:1270:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(chan = ast_channel_get_by_name_prefix(a->argv[2], strlen(a->argv[2])))) {
data/asterisk-16.15.0~dfsg/apps/app_mp3.c:168:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	return read(fd, data, datalen);
data/asterisk-16.15.0~dfsg/apps/app_nbscat.c:107:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	return read(fd, data, datalen);
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:846:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((error = OSPPBase64Decode(B64PKey, strlen(B64PKey), privatekey.PrivateKeyData, &privatekey.PrivateKeyLength)) != OSPC_ERR_NO_ERROR) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:848:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		} else if ((error = OSPPBase64Decode(B64LCert, strlen(B64LCert), localcert.CertData, &localcert.CertDataLength)) != OSPC_ERR_NO_ERROR) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:850:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		} else if ((error = OSPPBase64Decode(B64CACert, strlen(B64CACert), cacerts[0].CertData, &cacerts[0].CertDataLength)) != OSPC_ERR_NO_ERROR) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:1104:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tokenlen = ast_base64decode(tokenstr, token, strlen(token));
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2016:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!strncasecmp(item, "rxcount", strlen("rxcount"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2018:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "txcount", strlen("txcount"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2020:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "lp", strlen("lp"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2022:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "minrxlost", strlen("minrxlost"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2024:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "maxrxlost", strlen("maxrxlost"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2026:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "avgrxlost", strlen("avgrxlost"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2028:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "stdevrxlost", strlen("stdevrxlost"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2030:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "rlp", strlen("rlp"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2032:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "reported_minlost", strlen("reported_minlost"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2034:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "reported_maxlost", strlen("reported_maxlost"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2036:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "reported_avglost", strlen("reported_avglost"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2038:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "reported_stdevlost", strlen("reported_stdevlost"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2040:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "rxjitter", strlen("rxjitter"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2042:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "minrxjitter", strlen("minrxjitter"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2044:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "maxrxjitter", strlen("maxrxjitter"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2046:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "avgrxjitter", strlen("avgjitter"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2048:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "stdevrxjitter", strlen("stdevjitter"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2050:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "txjitter", strlen("txjitter"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2052:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "reported_minjitter", strlen("reported_minjitter"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2054:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "reported_maxjitter", strlen("reported_maxjitter"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2056:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "reported_avgjitter", strlen("reported_avgjitter"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2058:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "reported_stdevjitter", strlen("reported_stdevjitter"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2060:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "rtt", strlen("rtt"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2062:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "minrtt", strlen("minrtt"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2064:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "maxrtt", strlen("maxrtt"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2066:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "avgrtt", strlen("avgrtt"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2068:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(item, "stdevrtt", strlen("stdevrtt"))) {
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2297:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_debug(1, "OSPAuth: token size '%zd'\n", strlen(token));
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2354:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char buffer[OSP_SIZE_TOKSTR + strlen(": ") + strlen(OSP_SIP_HEADER)];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2354:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char buffer[OSP_SIZE_TOKSTR + strlen(": ") + strlen(OSP_SIP_HEADER)];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2572:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_debug(1, "OSPLookup: OSPOUTTOKEN size '%zd'\n", strlen(results.token));
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2591:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_debug(1, "OSPLookup: SIPADDHEADER size '%zd'\n", strlen(buffer));
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2640:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char buffer[OSP_SIZE_TOKSTR + strlen(": ") + strlen(OSP_SIP_HEADER)];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2640:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char buffer[OSP_SIZE_TOKSTR + strlen(": ") + strlen(OSP_SIP_HEADER)];
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2761:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_debug(1, "OSPNext: OSPOUTTOKEN size '%zd'\n", strlen(results.token));
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:2777:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_debug(1, "OSPLookup: SIPADDHEADER size '%zd'\n", strlen(buffer));
data/asterisk-16.15.0~dfsg/apps/app_osplookup.c:3090:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_cli(a->fd, "Source:            %s\n", strlen(provider->source) ? provider->source : "<unspecified>");
data/asterisk-16.15.0~dfsg/apps/app_privacy.c:160:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(phone) >= minlength ) {
data/asterisk-16.15.0~dfsg/apps/app_queue.c:3947:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int digitlen = strlen(qe->digits);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:7795:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		queue_name = entry->key + strlen(pm_family) + 2;
data/asterisk-16.15.0~dfsg/apps/app_queue.c:8985:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
				strncat(buf + buflen, ",", len - buflen - 1);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:8988:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buf + buflen, m->interface, len - buflen - 1);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:8989:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			buflen += strlen(m->interface);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:9832:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int list_len, word_len = strlen(word);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:9856:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		list_len = strlen(list);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:9895:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:9901:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (word_list_offset && strlen(line) >= word_list_offset) {
data/asterisk-16.15.0~dfsg/apps/app_queue.c:10607:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:10959:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/apps/app_queue.c:11079:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				const char *command_end = a->line + strlen("queue reload ");
data/asterisk-16.15.0~dfsg/apps/app_queue.c:11082:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					command_end = a->line + strlen(a->line);
data/asterisk-16.15.0~dfsg/apps/app_record.c:311:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t src_len = strlen(args.filename);
data/asterisk-16.15.0~dfsg/apps/app_sendtext.c:167:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(str = ast_str_alloca(strlen(body) + 1))) {
data/asterisk-16.15.0~dfsg/apps/app_sms.c:794:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p = line + strlen(line);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:797:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			p += snprintf(p, 1000 - strlen(line), "udl=%d", h->udl);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:818:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (write(o, line, strlen(line)) < 0) {
data/asterisk-16.15.0~dfsg/apps/app_sms.c:875:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (!strcmp(line, "oa") && strlen(p) < sizeof(h->oa)) {
data/asterisk-16.15.0~dfsg/apps/app_sms.c:877:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					} else if (!strcmp(line, "da") && strlen(p) < sizeof(h->oa)) {
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1010:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(fn2 + strlen(fn2), sizeof(fn2) - strlen(fn2), "/%s.%s-%u", h->queue, isodate(h->scts.tv_sec, buf, sizeof(buf)), seq++);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1010:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(fn2 + strlen(fn2), sizeof(fn2) - strlen(fn2), "/%s.%s-%u", h->queue, isodate(h->scts.tv_sec, buf, sizeof(buf)), seq++);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1011:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(fn + strlen(fn), sizeof(fn) - strlen(fn), "/.%s", fn2 + strlen(fn) + 1);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1011:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(fn + strlen(fn), sizeof(fn) - strlen(fn), "/.%s", fn2 + strlen(fn) + 1);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1011:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(fn + strlen(fn), sizeof(fn) - strlen(fn), "/.%s", fn2 + strlen(fn) + 1);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1107:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} while (f && (*f->d_name == '.' || strncmp(f->d_name, queue, strlen(queue)) || f->d_name[strlen(queue)] != '.'));
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1107:92:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} while (f && (*f->d_name == '.' || strncmp(f->d_name, queue, strlen(queue)) || f->d_name[strlen(queue)] != '.'));
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1231:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		adddata_proto2(h, 0x15, h->oa, strlen(h->oa)); /* Originator */
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1240:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		adddata_proto2(h, 0x18, h->da, strlen(h->da)); /* Originator */
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1333:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (f = 0; f < strlen(c); f++) {
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1456:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(fn + strlen(fn), sizeof(fn) - strlen(fn), "/%s", f->d_name);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1456:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(fn + strlen(fn), sizeof(fn) - strlen(fn), "/%s", f->d_name);
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1924:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(sms_args.queue) >= sizeof(h.queue)) {
data/asterisk-16.15.0~dfsg/apps/app_sms.c:1973:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (ast_strlen_zero(sms_args.addr) || strlen(sms_args.addr) >= sizeof(h.oa)) {
data/asterisk-16.15.0~dfsg/apps/app_softhangup.c:97:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	lenmatch = strlen(args.channel);
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:805:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((!quieted || strlen(dtmf)) && started == 1) {
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:840:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!strlen(dtmf) && f != NULL && f->frametype == AST_FRAME_VOICE) {
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:846:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!strlen(dtmf)) {
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:849:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if (strlen(speech->processing_sound) > 0 && strcasecmp(speech->processing_sound, "none")) {
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:856:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if (strlen(speech->processing_sound) > 0 && strcasecmp(speech->processing_sound, "none")) {
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:866:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!strlen(dtmf)) {
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:901:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
					strncat(dtmf, tmp, sizeof(dtmf) - strlen(dtmf) - 1);
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:901:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strncat(dtmf, tmp, sizeof(dtmf) - strlen(dtmf) - 1);
data/asterisk-16.15.0~dfsg/apps/app_speech_utils.c:903:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (max_dtmf_len && strlen(dtmf) == max_dtmf_len)
data/asterisk-16.15.0~dfsg/apps/app_stack.c:284:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = 8 + strlen(var); /* LOCAL() + var */
data/asterisk-16.15.0~dfsg/apps/app_stack.c:316:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len_extension = strlen(extension) + 1;
data/asterisk-16.15.0~dfsg/apps/app_stack.c:317:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len_context = strlen(context) + 1;
data/asterisk-16.15.0~dfsg/apps/app_stack.c:497:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(context) + strlen(exten) + strlen(pri) + 3;
data/asterisk-16.15.0~dfsg/apps/app_stack.c:497:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(context) + strlen(exten) + strlen(pri) + 3;
data/asterisk-16.15.0~dfsg/apps/app_stack.c:497:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(context) + strlen(exten) + strlen(pri) + 3;
data/asterisk-16.15.0~dfsg/apps/app_stack.c:499:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len += 2 + strlen(parse);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1226:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int context_len = strlen(context) + 1;
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1227:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int mailbox_len = strlen(mailbox) + 1;
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1502:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			if (read(fds[0], buf, len) < 0) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1538:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(password) < minpassword)
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1584:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(password) > 10) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1585:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ast_realtime_require_field("voicemail", "password", RQ_CHAR, strlen(password), SENTINEL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1688:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = 0; i < strlen(key); ++i) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1894:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						new = ast_malloc(strlen(newpassword) + 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1897:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						new = ast_malloc((strlen(value) + strlen(newpassword) + 1));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1897:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						new = ast_malloc((strlen(value) + strlen(newpassword) + 1));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:1931:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					char new[strlen(newpassword) + 1];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:2314:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char copy[strlen(attachment) + 1];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3486:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	taglen = strlen(tag) + 1;
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:3866:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		SQLBindParameter(stmt, i + 1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(gps->argv[i]), 0, gps->argv[i], 0, NULL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4367:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SQLBindParameter(stmt, 1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(data->dir), 0, (void *) data->dir, 0, NULL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4368:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SQLBindParameter(stmt, 2, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(data->msgnums), 0, (void *) data->msgnums, 0, NULL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4370:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SQLBindParameter(stmt, 4, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(data->context), 0, (void *) data->context, 0, NULL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4371:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SQLBindParameter(stmt, 5, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(data->macrocontext), 0, (void *) data->macrocontext, 0, NULL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4372:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SQLBindParameter(stmt, 6, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(data->callerid), 0, (void *) data->callerid, 0, NULL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4373:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SQLBindParameter(stmt, 7, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(data->origtime), 0, (void *) data->origtime, 0, NULL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4374:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SQLBindParameter(stmt, 8, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(data->duration), 0, (void *) data->duration, 0, NULL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4375:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SQLBindParameter(stmt, 9, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(data->mailboxuser), 0, (void *) data->mailboxuser, 0, NULL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4376:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SQLBindParameter(stmt, 10, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(data->mailboxcontext), 0, (void *) data->mailboxcontext, 0, NULL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4377:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SQLBindParameter(stmt, 11, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(data->flag), 0, (void *) data->flag, 0, NULL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4378:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SQLBindParameter(stmt, 12, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(data->msg_id), 0, (void *) data->msg_id, 0, NULL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4380:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		SQLBindParameter(stmt, 13, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(data->category), 0, (void *) data->category, 0, NULL);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4619:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(vment->d_name) > 7 && !strncmp(vment->d_name + 7, ".txt", 4)) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4680:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		if (sscanf(msgdirent->d_name, "msg%30d.%3s", &msgdirint, extension) == 2 && !strcmp(extension, "txt") && msgdirint < MAXMSGLIMIT) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4741:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		len = read(ifd, buf, sizeof(buf));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:4837:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	txtsize = (strlen(file) + 5)*sizeof(char);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5007:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(fromfile) < sizeof(fromfile) - 5) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5244:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ast_str_encode_mime(&str2, 0, ast_str_buffer(str1), strlen("From: "), strlen(who) + 3);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5244:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ast_str_encode_mime(&str2, 0, ast_str_buffer(str1), strlen("From: "), strlen(who) + 3);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5271:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_str_encode_mime(&str2, 0, vmu->fullname, first_line ? strlen("To: ") : 0, strlen(email) + 3 + (next ? strlen(",") : 0));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5271:82:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_str_encode_mime(&str2, 0, vmu->fullname, first_line ? strlen("To: ") : 0, strlen(email) + 3 + (next ? strlen(",") : 0));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5271:110:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_str_encode_mime(&str2, 0, vmu->fullname, first_line ? strlen("To: ") : 0, strlen(email) + 3 + (next ? strlen(",") : 0));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5296:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ast_str_encode_mime(&str2, 0, ast_str_buffer(str1), strlen("Subject: "), 0);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5413:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(fromfile) < sizeof(fromfile) - 5) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5708:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ast_str_encode_mime(&str2, 0, ast_str_buffer(str1), strlen("From: "), strlen(who) + 3);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5708:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ast_str_encode_mime(&str2, 0, ast_str_buffer(str1), strlen("From: "), strlen(who) + 3);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5731:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ast_str_encode_mime(&str2, 0, vmu->fullname, strlen("To: "), strlen(pager) + 3);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5731:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ast_str_encode_mime(&str2, 0, vmu->fullname, strlen("To: "), strlen(pager) + 3);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:5752:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ast_str_encode_mime(&str2, 0, ast_str_buffer(str1), strlen("Subject: "), 0);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6816:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
				strncat(ecodes, "0", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6816:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(ecodes, "0", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6821:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
			strncat(ecodes, "0", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6821:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(ecodes, "0", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6826:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
			strncat(ecodes, "0", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6826:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(ecodes, "0", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6834:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
			strncat(ecodes, "*", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6834:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(ecodes, "*", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6838:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
		strncat(ecodes, "*", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6838:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(ecodes, "*", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6842:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
		strncat(ecodes, "*", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6842:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(ecodes, "*", sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6854:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(ecodes, e, sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:6854:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(ecodes, e, sizeof(ecodes) - strlen(ecodes) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7787:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(buf1, " and", sizeof(buf1) - strlen(buf1) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:7787:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf1, " and", sizeof(buf1) - strlen(buf1) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8045:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
	strncat(textfile, ".txt", sizeof(textfile) - strlen(textfile) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8045:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat(textfile, ".txt", sizeof(textfile) - strlen(textfile) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8046:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
	strncat(backup, "-bak", sizeof(backup) - strlen(backup) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8046:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat(backup, "-bak", sizeof(backup) - strlen(backup) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8047:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
	strncat(backup_textfile, "-bak.txt", sizeof(backup_textfile) - strlen(backup_textfile) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8047:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat(backup_textfile, "-bak.txt", sizeof(backup_textfile) - strlen(backup_textfile) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8067:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(vms->introfn, "intro", sizeof(vms->introfn));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8204:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char alias[strlen(mapping->alias) + 1];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8429:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				char old_context[strlen(ast_channel_context(chan)) + 1];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8430:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				char old_exten[strlen(ast_channel_exten(chan)) + 1];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8581:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(filename, ".txt", sizeof(filename) - strlen(filename) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8581:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(filename, ".txt", sizeof(filename) - strlen(filename) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8654:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(textfile, ".txt", sizeof(textfile) - strlen(textfile) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8654:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(textfile, ".txt", sizeof(textfile) - strlen(textfile) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8655:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(backup, "-bak", sizeof(backup) - strlen(backup) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8655:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(backup, "-bak", sizeof(backup) - strlen(backup) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8656:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(backup_textfile, "-bak.txt", sizeof(backup_textfile) - strlen(backup_textfile) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8656:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(backup_textfile, "-bak.txt", sizeof(backup_textfile) - strlen(backup_textfile) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8669:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(textfile, ".txt", sizeof(textfile) - strlen(textfile) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8669:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(textfile, ".txt", sizeof(textfile) - strlen(textfile) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8670:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(backup_textfile, "-bak.txt", sizeof(backup_textfile) - strlen(backup_textfile) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:8670:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(backup_textfile, "-bak.txt", sizeof(backup_textfile) - strlen(backup_textfile) - 1);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:9144:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char copy[strlen(attachment) + 1];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:9348:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf = ast_alloca(strlen(box) + 2);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:9350:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(buf, "s");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10780:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmd = ast_readstring(chan, newpassword + strlen(newpassword), sizeof(newpassword) - 1, 2000, 10000, "#");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10794:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			cmd = ast_readstring(chan, newpassword2 + strlen(newpassword2), sizeof(newpassword2) - 1, 2000, 10000, "#");
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10813:94:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_debug(1, "User %s set password to %s of length %d\n", vms->username, newpassword, (int) strlen(newpassword));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10870:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if ((cmd = ast_readstring(chan, newpassword + strlen(newpassword), sizeof(newpassword) - 1, 2000, 10000, "#")) < 0) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10891:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if ((cmd = ast_readstring(chan, newpassword2 + strlen(newpassword2), sizeof(newpassword2) - 1, 2000, 10000, "#")) < 0) {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:10912:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				vms->username, newpassword, (int) strlen(newpassword));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:11351:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(fullusername, mailbox, sizeof(fullusername) - 1 - strlen(fullusername));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:11351:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(fullusername, mailbox, sizeof(fullusername) - 1 - strlen(fullusername));
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:12875:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			mailbox_id = ast_alloca(strlen(mailbox) + strlen(context) + 2);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:12875:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			mailbox_id = ast_alloca(strlen(mailbox) + strlen(context) + 2);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:12997:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13724:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	struct ast_str *str = ast_str_thread_get(&ast_str_thread_global_buf, strlen(value) + 16);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13819:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t from_len = strlen(alias) + 1;
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13820:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t to_len = strlen(mailbox) + 1;
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:13862:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char storage[strlen(var->value) + 1];
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15069:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(strlen(buf) > 1 &&
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15071:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			buf[strlen(buf) - 2] != '\r'
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15073:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			buf[strlen(buf) - 2] == '\r'
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15076:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			|| buf[strlen(buf) - 1] != '\n') {
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15356:13:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	my_umask = umask(0);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15357:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(my_umask);
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15495:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if ((cmd = ast_readstring(chan, destination + strlen(destination), sizeof(destination) - 1, 6000, 10000, "#")) < 0)
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15513:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (destination[strlen(destination) -1 ] == '*')
data/asterisk-16.15.0~dfsg/apps/app_voicemail.c:15868:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(flag, "");
data/asterisk-16.15.0~dfsg/apps/app_while.c:238:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size = strlen(ast_channel_context(chan)) + strlen(ast_channel_exten(chan)) + 32;
data/asterisk-16.15.0~dfsg/apps/app_while.c:238:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size = strlen(ast_channel_context(chan)) + strlen(ast_channel_exten(chan)) + 32;
data/asterisk-16.15.0~dfsg/apps/app_while.c:283:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size = strlen(ast_channel_context(chan)) + strlen(ast_channel_exten(chan)) + 32;
data/asterisk-16.15.0~dfsg/apps/app_while.c:283:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size = strlen(ast_channel_context(chan)) + strlen(ast_channel_exten(chan)) + 32;
data/asterisk-16.15.0~dfsg/apps/app_while.c:295:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size = strlen(ast_channel_context(chan)) + strlen(ast_channel_exten(chan)) + 32;
data/asterisk-16.15.0~dfsg/apps/app_while.c:295:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size = strlen(ast_channel_context(chan)) + strlen(ast_channel_exten(chan)) + 32;
data/asterisk-16.15.0~dfsg/apps/confbridge/conf_config_parser.c:860:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncasecmp(left->name, right_name, strlen(right_name));
data/asterisk-16.15.0~dfsg/apps/confbridge/conf_config_parser.c:906:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncasecmp(left->name, right_name, strlen(right_name));
data/asterisk-16.15.0~dfsg/apps/confbridge/conf_config_parser.c:963:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncasecmp(left->name, right_name, strlen(right_name));
data/asterisk-16.15.0~dfsg/apps/confbridge/conf_config_parser.c:1369:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		action_len = strlen(action);
data/asterisk-16.15.0~dfsg/apps/confbridge/conf_config_parser.c:1464:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/apps/confbridge/conf_config_parser.c:1624:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/apps/confbridge/conf_config_parser.c:1856:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/bridges/bridge_builtin_features.c:167:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(touch_monitor) + 50;
data/asterisk-16.15.0~dfsg/bridges/bridge_builtin_features.c:181:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(caller_chan_id) + strlen(peer_chan_id) + 50;
data/asterisk-16.15.0~dfsg/bridges/bridge_builtin_features.c:181:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(caller_chan_id) + strlen(peer_chan_id) + 50;
data/asterisk-16.15.0~dfsg/bridges/bridge_builtin_features.c:190:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (x = 0; x < strlen(touch_filename); x++) {
data/asterisk-16.15.0~dfsg/bridges/bridge_builtin_features.c:351:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(touch_monitor) + 50;
data/asterisk-16.15.0~dfsg/bridges/bridge_builtin_features.c:366:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(caller_chan_id) + strlen(peer_chan_id) + 50;
data/asterisk-16.15.0~dfsg/bridges/bridge_builtin_features.c:366:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(caller_chan_id) + strlen(peer_chan_id) + 50;
data/asterisk-16.15.0~dfsg/bridges/bridge_builtin_features.c:376:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (x = 0; x < strlen(touch_filename); x++) {
data/asterisk-16.15.0~dfsg/bridges/bridge_holding.c:222:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		moh_length = moh_class ? strlen(moh_class + 1) : 0;
data/asterisk-16.15.0~dfsg/bridges/bridge_softmix.c:72:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define SOFTBRIDGE_VIDEO_DEST_LEN strlen(SOFTBRIDGE_VIDEO_DEST_PREFIX)
data/asterisk-16.15.0~dfsg/bridges/bridge_softmix.c:481:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		dest_video_name_len += strlen(source_channel_name) + 1;
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:127:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		lenconnection = strlen(connection);
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:145:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		lentable = strlen(table);
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:151:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		lenschema = strlen(schema);
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:157:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(tmp) > 1) {
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:205:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (cdrvar[strlen(cdrvar) - 1] == '!') {
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:207:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					cdrvar[strlen(cdrvar) - 1] = '\0';
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:213:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				entry = ast_calloc(sizeof(char), sizeof(*entry) + strlen(cdrvar) + 1 + strlen(var->value) + 1);
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:213:76:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				entry = ast_calloc(sizeof(char), sizeof(*entry) + strlen(cdrvar) + 1 + strlen(var->value) + 1);
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:223:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				entry->filtervalue = (char *)entry + sizeof(*entry) + strlen(cdrvar) + 1;
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:252:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (item[0] == '"' && item[strlen(item) - 1] == '"') {
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:254:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						item[strlen(item) - 1] = '\0';
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:261:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			entry = ast_calloc(sizeof(char), sizeof(*entry) + strlen(columnname) + 1 + strlen(cdrvar) + 1 + strlen(staticvalue) + 1);
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:261:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			entry = ast_calloc(sizeof(char), sizeof(*entry) + strlen(columnname) + 1 + strlen(cdrvar) + 1 + strlen(staticvalue) + 1);
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:261:100:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			entry = ast_calloc(sizeof(char), sizeof(*entry) + strlen(columnname) + 1 + strlen(cdrvar) + 1 + strlen(staticvalue) + 1);
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:272:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				entry->cdrname = entry->name + strlen(columnname) + 1;
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:279:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				entry->staticvalue = entry->cdrname + strlen(entry->cdrname) + 1;
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:479:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				LENGTHEN_BUF1(strlen(entry->name));
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:505:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if (strlen(colptr) > entry->octetlen) {
data/asterisk-16.15.0~dfsg/cdr/cdr_adaptive_odbc.c:510:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					LENGTHEN_BUF2(strlen(colptr));
data/asterisk-16.15.0~dfsg/cdr/cdr_beanstalkd.c:222:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	bs_id = bs_put(bs_socket, priority, BEANSTALK_JOB_DELAY, BEANSTALK_JOB_TTR, cdr_buffer, strlen(cdr_buffer));
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:149:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int pos = strlen(buf), spos = 0, error = -1;
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:177:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int pos = strlen(buf);
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:181:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (pos + strlen(tmp) > bufsize - 3)
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:184:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(buf, tmp, bufsize - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:184:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat(buf, tmp, bufsize - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:185:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pos = strlen(buf);
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:197:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(buf) > bufsize - 3)
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:201:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
		strncat(buf, ",", bufsize - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:201:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, ",", bufsize - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:259:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(buf) < bufsize - 5) {
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:261:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buf[strlen(buf) - 1] = '\0';
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:262:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
		strncat(buf, "\n", bufsize - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/cdr/cdr_csv.c:262:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "\n", bufsize - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/cdr/cdr_manager.c:243:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if ((ast_str_strlen(customfields) + strlen(v->value) + strlen(v->name) + 14) < ast_str_size(customfields)) {
data/asterisk-16.15.0~dfsg/cdr/cdr_manager.c:243:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if ((ast_str_strlen(customfields) + strlen(v->value) + strlen(v->name) + 14) < ast_str_size(customfields)) {
data/asterisk-16.15.0~dfsg/cdr/cdr_odbc.c:136:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		SQLBindParameter(stmt, 11, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(disposition) + 1, 0, disposition, 0, NULL);
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:272:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					LENGTHEN_BUF1(strlen(cur->name) + 2);
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:281:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			LENGTHEN_BUF1(strlen(cur->name) + 2);
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:378:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						size_t required_size = strlen(value) * 2 + 1;
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:395:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						PQescapeStringConn(conn, escapebuf, value, strlen(value), NULL);
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:399:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					LENGTHEN_BUF2(strlen(escapebuf) + 3);
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:704:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			tablename = ast_alloca(strlen(tmp_tablename) * 2 + 1);
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:705:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			PQescapeStringConn(conn, tablename, tmp_tablename, strlen(tmp_tablename), NULL);
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:707:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			schemaname = ast_alloca(strlen(tmp_schemaname) * 2 + 1);
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:708:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			PQescapeStringConn(conn, schemaname, tmp_schemaname, strlen(tmp_schemaname), NULL);
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:750:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			cur = ast_calloc(1, sizeof(*cur) + strlen(fname) + strlen(ftype) + 2);
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:750:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			cur = ast_calloc(1, sizeof(*cur) + strlen(fname) + strlen(ftype) + 2);
data/asterisk-16.15.0~dfsg/cdr/cdr_pgsql.c:754:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				cur->type = (char *)cur + sizeof(*cur) + strlen(fname) + 1;
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:109:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_AST_ACCT_CODE, &cdr->accountcode, strlen(cdr->accountcode), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:113:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_AST_SRC, &cdr->src, strlen(cdr->src), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:117:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_AST_DST, &cdr->dst, strlen(cdr->dst), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:121:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_AST_DST_CTX, &cdr->dcontext, strlen(cdr->dcontext), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:125:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_AST_CLID, &cdr->clid, strlen(cdr->clid), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:129:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_AST_CHAN, &cdr->channel, strlen(cdr->channel), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:133:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_AST_DST_CHAN, &cdr->dstchannel, strlen(cdr->dstchannel), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:137:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_AST_LAST_APP, &cdr->lastapp, strlen(cdr->lastapp), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:141:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_AST_LAST_DATA, &cdr->lastdata, strlen(cdr->lastdata), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:149:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_AST_START_TIME, timestr, strlen(timestr), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:156:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_AST_ANSWER_TIME, timestr, strlen(timestr), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:163:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_AST_END_TIME, timestr, strlen(timestr), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:176:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_AST_DISPOSITION, tmp, strlen(tmp), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:181:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_AST_AMA_FLAGS, tmp, strlen(tmp), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:186:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!rc_avpair_add(rh, tosend, PW_AST_UNIQUE_ID, &cdr->uniqueid, strlen(cdr->uniqueid), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:192:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!rc_avpair_add(rh, tosend, PW_AST_USER_FIELD, &cdr->userfield, strlen(cdr->userfield), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:200:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_USER_NAME, &cdr->channel, strlen(cdr->channel), 0))
data/asterisk-16.15.0~dfsg/cdr/cdr_radius.c:204:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, tosend, PW_ACCT_SESSION_ID, &cdr->uniqueid, strlen(cdr->uniqueid), 0))
data/asterisk-16.15.0~dfsg/cdr/cdr_sqlite3_custom.c:140:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		value = ast_calloc(sizeof(char), sizeof(*value) + strlen(v));
data/asterisk-16.15.0~dfsg/cdr/cdr_tds.c:318:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (; *str && strlen(buf) < len; str++) {
data/asterisk-16.15.0~dfsg/cdr/cdr_tds.c:329:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(srh_ptr, srh_ptr + strlen(known_bad[idx]), strlen(srh_ptr + strlen(known_bad[idx])) + 1);
data/asterisk-16.15.0~dfsg/cdr/cdr_tds.c:329:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(srh_ptr, srh_ptr + strlen(known_bad[idx]), strlen(srh_ptr + strlen(known_bad[idx])) + 1);
data/asterisk-16.15.0~dfsg/cdr/cdr_tds.c:329:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(srh_ptr, srh_ptr + strlen(known_bad[idx]), strlen(srh_ptr + strlen(known_bad[idx])) + 1);
data/asterisk-16.15.0~dfsg/cel/cel_beanstalkd.c:152:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	bs_id = bs_put(bs_socket, priority, BEANSTALK_JOB_DELAY, BEANSTALK_JOB_TTR, cel_buffer, strlen(cel_buffer));
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:137:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		lenconnection = strlen(connection);
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:151:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		lentable = strlen(table);
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:199:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				entry = ast_calloc(sizeof(char), sizeof(*entry) + strlen(celvar) + 1 + strlen(var->value) + 1);
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:199:76:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				entry = ast_calloc(sizeof(char), sizeof(*entry) + strlen(celvar) + 1 + strlen(var->value) + 1);
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:209:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				entry->filtervalue = (char *)entry + sizeof(*entry) + strlen(celvar) + 1;
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:237:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (item[0] == '"' && item[strlen(item) - 1] == '"') {
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:239:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						item[strlen(item) - 1] = '\0';
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:246:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			entry = ast_calloc(sizeof(char), sizeof(*entry) + strlen(columnname) + 1 + strlen(celvar) + 1 + strlen(staticvalue) + 1);
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:246:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			entry = ast_calloc(sizeof(char), sizeof(*entry) + strlen(columnname) + 1 + strlen(celvar) + 1 + strlen(staticvalue) + 1);
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:246:100:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			entry = ast_calloc(sizeof(char), sizeof(*entry) + strlen(columnname) + 1 + strlen(celvar) + 1 + strlen(staticvalue) + 1);
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:256:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				entry->celname = entry->name + strlen(columnname) + 1;
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:263:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				entry->staticvalue = entry->celname + strlen(entry->celname) + 1;
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:499:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				LENGTHEN_BUF1(strlen(entry->name));
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:528:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if (strlen(colptr) > entry->octetlen) {
data/asterisk-16.15.0~dfsg/cel/cel_odbc.c:534:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					LENGTHEN_BUF2(strlen(colptr));
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:200:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			LENGTHEN_BUF1(strlen(cur->name) + 2);
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:235:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					LENGTHEN_BUF2(strlen(event_name) + 1);
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:313:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						size_t required_size = strlen(value) * 2 + 1;
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:330:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						PQescapeStringConn(conn, escapebuf, value, strlen(value), NULL);
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:334:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					LENGTHEN_BUF2(strlen(escapebuf) + 3);
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:590:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		tablename = ast_alloca(strlen(tmp_tablename) * 2 + 1);
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:591:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		PQescapeStringConn(conn, tablename, tmp_tablename, strlen(tmp_tablename), NULL);
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:595:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			lenschema = strlen(schema);
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:637:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			cur = ast_calloc(1, sizeof(*cur) + strlen(fname) + strlen(ftype) + 2);
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:637:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			cur = ast_calloc(1, sizeof(*cur) + strlen(fname) + strlen(ftype) + 2);
data/asterisk-16.15.0~dfsg/cel/cel_pgsql.c:641:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				cur->type = (char *)cur + sizeof(*cur) + strlen(fname) + 1;
data/asterisk-16.15.0~dfsg/cel/cel_radius.c:92:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define ADD_VENDOR_CODE(x,y) (rc_avpair_add(rh, send, x, (void *)y, strlen(y), VENDOR_CODE))
data/asterisk-16.15.0~dfsg/cel/cel_radius.c:152:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, send, PW_AST_EVENT_TIME, timestr, strlen(timestr), VENDOR_CODE)) {
data/asterisk-16.15.0~dfsg/cel/cel_radius.c:157:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!rc_avpair_add(rh, send, PW_AST_AMA_FLAGS, amaflags, strlen(amaflags), VENDOR_CODE)) {
data/asterisk-16.15.0~dfsg/cel/cel_radius.c:174:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(record->channel_name), 0)) {
data/asterisk-16.15.0~dfsg/cel/cel_sqlite3_custom.c:143:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		value = ast_calloc(sizeof(char), sizeof(*value) + strlen(val) + 1);
data/asterisk-16.15.0~dfsg/cel/cel_sqlite3_custom.c:150:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ast_copy_string(value->expression, val, strlen(val) + 1);
data/asterisk-16.15.0~dfsg/cel/cel_tds.c:276:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (; *str && strlen(buf) < len; str++) {
data/asterisk-16.15.0~dfsg/cel/cel_tds.c:287:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(srh_ptr, srh_ptr + strlen(known_bad[idx]), strlen(srh_ptr + strlen(known_bad[idx])) + 1);
data/asterisk-16.15.0~dfsg/cel/cel_tds.c:287:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(srh_ptr, srh_ptr + strlen(known_bad[idx]), strlen(srh_ptr + strlen(known_bad[idx])) + 1);
data/asterisk-16.15.0~dfsg/cel/cel_tds.c:287:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(srh_ptr, srh_ptr + strlen(known_bad[idx]), strlen(srh_ptr + strlen(known_bad[idx])) + 1);
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:413:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1);
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:421:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(1);
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:755:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(text2send, a->argv[tmparg++], sizeof(text2send) - strlen(text2send) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:755:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(text2send, a->argv[tmparg++], sizeof(text2send) - strlen(text2send) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:756:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
			strncat(text2send, " ", sizeof(text2send) - strlen(text2send) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:756:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(text2send, " ", sizeof(text2send) - strlen(text2send) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:759:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		text2send[strlen(text2send) - 1] = '\n';
data/asterisk-16.15.0~dfsg/channels/chan_alsa.c:761:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		f.datalen = strlen(text2send) + 1;
data/asterisk-16.15.0~dfsg/channels/chan_console.c:840:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		for (i = 0; i < strlen(s); i++) {
data/asterisk-16.15.0~dfsg/channels/chan_console.c:1163:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(buf);
data/asterisk-16.15.0~dfsg/channels/chan_console.c:1209:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (++x > a->n && !strncasecmp(pvt->name, a->word, strlen(a->word)))
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:1330:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		res = read(p->subs[index].dfd, buf, sizeof(buf));
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:1435:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				res = read(p->subs[idx].dfd, buf, sizeof(buf));
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:3873:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	datalen += strlen(cause_str);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:4094:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (x = 0; x < strlen(fn); x++) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:5245:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(c) < p->stripmsd) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:5677:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(1);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:6883:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if ((res = sscanf(parse, "%30d,%20s", num_buffers, policy_str)) != 2) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:7117:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(10000);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:7772:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(p->dop.dialstr) > 4) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:7774:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strcpy(p->echorest + (p->echotraining / 401) + 1, p->dop.dialstr + strlen(p->dop.dialstr) - 2);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:7777:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				p->dop.dialstr[strlen(p->dop.dialstr)-2] = '\0';
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:8633:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	res = read(p->subs[idx].dfd, readbuf, p->subs[idx].linear ? READ_SIZE * 2 : READ_SIZE);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9487:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int extlen = strlen(exten);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9493:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (extlen < strlen(pickupexten) && !strncmp(pickupexten, exten, extlen)) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9616:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					res = my_getsigstr(chan, dtmfbuf + strlen(dtmfbuf), "*", 3000);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9635:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if ((p->sig == SIG_FEATDMF) && (dtmfbuf[1] != '0') && (strlen(dtmfbuf) != 14))
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9649:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					res = my_getsigstr(chan, dtmfbuf + strlen(dtmfbuf), "#", 3000);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9666:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						res = my_getsigstr(chan, dtmfbuf + strlen(dtmfbuf), "*", 3000);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9715:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((res > 0) && (strlen(anibuf) > 2)) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9716:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (anibuf[strlen(anibuf) - 1] == '#')
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9717:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					anibuf[strlen(anibuf) - 1] = 0;
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:9888:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
						usleep(500000);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:10238:10:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
									usleep(1);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:10245:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
							res = read(p->subs[idx].dfd, buf, sizeof(buf));
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:10284:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
						usleep(1);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:10355:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
								res = read(p->subs[idx].dfd, buf, sizeof(buf));
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:10526:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
							res = read(p->subs[idx].dfd, buf, sizeof(buf));
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:10596:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
								res = read(p->subs[idx].dfd, buf, sizeof(buf));
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:10819:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			if ((res = read(mtd->pvt->subs[SUB_REAL].dfd, mtd->buf, sizeof(mtd->buf))) < 0) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:11407:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:11659:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
					res = read(i->subs[SUB_REAL].dfd, buf, sizeof(buf));
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:12170:6:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
					usleep(1);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:13997:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (write(pridebugfd, s, strlen(s)) < 0) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:14048:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (write(pridebugfd, s, strlen(s)) < 0) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15888:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
				strncat(output, ",", sizeof(output) - strlen(output) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15888:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(output, ",", sizeof(output) - strlen(output) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15889:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(output, tmp2, sizeof(output) - strlen(output) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15889:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(output, tmp2, sizeof(output) - strlen(output) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15945:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!strlen(alarmstr))
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15947:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(alarmstr)) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:15949:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				alarmstr[strlen(alarmstr) - 1] = '\0';
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:16403:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = 0; i < strlen(number); i++) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17366:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(blocking, "M");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17368:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(blocking, " ");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17372:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(blocking, "H");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17374:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(blocking, " ");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17383:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(blocking, "M");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17385:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(blocking, " ");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17389:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(blocking, "H");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17391:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(blocking, " ");
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:17769:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (ast_strlen_zero(param.name) || (strlen(param.name) > sizeof(confp->chan.echocancel.params[0].name)-1)) {
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:18145:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				char varname[strlen(v->value) + 1];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19099:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				char copy[strlen(v->value) + 1];
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19830:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buf = ast_malloc(((strlen(text) + 1) * ASCII_BYTES_PER_CHAR) + END_SILENCE_LEN + HEADER_LEN);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19832:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buf = ast_malloc(((strlen(text) + 1) * TDD_BYTES_PER_CHAR) + END_SILENCE_LEN);
data/asterisk-16.15.0~dfsg/channels/chan_dahdi.c:19855:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_log(LOG_ERROR, "TDD generate (len %d) failed!!\n", (int)strlen(text));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:3896:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:3982:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncasecmp(a->argv[3], "default", strlen(a->argv[3])) == 0)
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4027:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(tmp, "EXISTS|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4027:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(tmp, "EXISTS|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4029:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(tmp, "NONEXISTENT|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4029:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(tmp, "NONEXISTENT|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4031:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(tmp, "CANEXIST|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4031:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(tmp, "CANEXIST|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4033:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(tmp, "PENDING|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4033:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(tmp, "PENDING|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4035:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(tmp, "TIMEOUT|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4035:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(tmp, "TIMEOUT|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4037:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(tmp, "TRANSMITTED|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4037:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(tmp, "TRANSMITTED|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4039:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(tmp, "MATCHMORE|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4039:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(tmp, "MATCHMORE|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4041:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(tmp, "UNKNOWN|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4041:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(tmp, "UNKNOWN|", sizeof(tmp) - strlen(tmp) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4044:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			tmp[strlen(tmp) - 1] = '\0';
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:4330:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		0, 0, (unsigned char *)text, strlen(text) + 1, -1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:5244:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((osp_token_length = strlen(osp_token_ptr)) <= IAX_MAX_OSPTOKEN_SIZE) {
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:5273:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			for (i = 0; i < strlen(ast_var_value(var)); i += 255 - (strlen(ast_var_name(var)) + 1)) {
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:5273:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			for (i = 0; i < strlen(ast_var_value(var)); i += 255 - (strlen(ast_var_name(var)) + 1)) {
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:5469:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	MD5Update(&md5, (unsigned char *) key, strlen(key));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6519:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			MD5Update(&md5, (unsigned char *)iaxs[callno]->challenge, strlen(iaxs[callno]->challenge));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:6520:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			MD5Update(&md5, (unsigned char *)tmppw, strlen(tmppw));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:7144:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8161:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			MD5Update(&md5, (unsigned char *)p->challenge, strlen(p->challenge));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8162:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			MD5Update(&md5, (unsigned char *)tmppw, strlen(tmppw));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8294:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			MD5Update(&md5, (unsigned char *)iaxs[callno]->challenge, strlen(iaxs[callno]->challenge));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8295:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			MD5Update(&md5, (unsigned char *)tmppw, strlen(tmppw));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8377:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			MD5Update(&md5, (unsigned char *)challenge, strlen(challenge));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8378:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			MD5Update(&md5, (unsigned char *)secret, strlen(secret));
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:8772:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(reg = ast_calloc(1, sizeof(*reg) + strlen(hostname) + 1))) {
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:9246:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			tmpkey[strlen(tmpkey) - 1] = '\0';
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:9646:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(full_osptoken) != offset) {
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:9771:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(1);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:10320:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		data_size += strlen(subclass);
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13449:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(accountcode, "");
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13450:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(language, "");
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13451:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(mohinterpret, "");
data/asterisk-16.15.0~dfsg/channels/chan_iax2.c:13452:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(mohsuggest, "");
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:1608:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(name);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:1625:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(name);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:1637:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(name);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:1884:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_debug(3, "Header: %s (%d)\n", req->header[f], (int) strlen(req->header[f]));
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:1913:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_debug(3, "Line: %s (%d)\n", req->line[f], (int) strlen(req->line[f]));
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:1997:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (sscanf(c, "IN IP4 %256s", host) != 1) {
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2076:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	req->len += strlen(req->header[req->headers]);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2095:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		req->len += strlen(req->data + req->len);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2099:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	req->len += strlen(req->line[req->lines]);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2118:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	req->len += strlen(req->header[req->headers]);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2141:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	req->len += strlen(req->header[req->headers]);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2261:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(m, costr, sizeof(m) - strlen(m) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2261:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(m, costr, sizeof(m) - strlen(m) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2263:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(a, costr, sizeof(a) - strlen(a) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2263:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(a, costr, sizeof(a) - strlen(a) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2275:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(m, costr, sizeof(m) - strlen(m) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2275:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(m, costr, sizeof(m) - strlen(m) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2277:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(a, costr, sizeof(a) - strlen(a) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2277:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(a, costr, sizeof(a) - strlen(a) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2282:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
					strncat(a, costr, sizeof(a) - strlen(a) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2282:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strncat(a, costr, sizeof(a) - strlen(a) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2287:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
	strncat(m, "\r\n", sizeof(m) - strlen(m) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2287:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat(m, "\r\n", sizeof(m) - strlen(m) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2288:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(v) + strlen(s) + strlen(o) + strlen(c) + strlen(t) + strlen(m) + strlen(a);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2288:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(v) + strlen(s) + strlen(o) + strlen(c) + strlen(t) + strlen(m) + strlen(a);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2288:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(v) + strlen(s) + strlen(o) + strlen(c) + strlen(t) + strlen(m) + strlen(a);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2288:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(v) + strlen(s) + strlen(o) + strlen(c) + strlen(t) + strlen(m) + strlen(a);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2288:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(v) + strlen(s) + strlen(o) + strlen(c) + strlen(t) + strlen(m) + strlen(a);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2288:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(v) + strlen(s) + strlen(o) + strlen(c) + strlen(t) + strlen(m) + strlen(a);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2288:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(v) + strlen(s) + strlen(o) + strlen(c) + strlen(t) + strlen(m) + strlen(a);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2328:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(local, tmp, sizeof(local) - strlen(local) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2328:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(local, tmp, sizeof(local) - strlen(local) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2336:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(local, tmp, sizeof(local) - strlen(local) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2336:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(local, tmp, sizeof(local) - strlen(local) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2385:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(local, tmp, sizeof(local) - strlen(local) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2385:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(local, tmp, sizeof(local) - strlen(local) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2393:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(local, tmp, sizeof(local) - strlen(local) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2393:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(local, tmp, sizeof(local) - strlen(local) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2477:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(local, tmp, sizeof(local) - strlen(local) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2477:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(local, tmp, sizeof(local) - strlen(local) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2602:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(local, tmp, sizeof(local) - strlen(local) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2602:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(local, tmp, sizeof(local) - strlen(local) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2611:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(local, tmp, sizeof(local) - strlen(local) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:2611:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(local, tmp, sizeof(local) - strlen(local) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:3013:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(p->dtmf_buf);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:3028:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		while (strlen(p->dtmf_buf) == len) {
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:3039:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(p->dtmf_buf);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:3060:6:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
					usleep(500000);
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:3214:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			&& ((p->dtmf_buf[0] != '*') || (strlen(p->dtmf_buf) > 2))) {
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:3603:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		} else if ((strlen(ev) == 1) &&
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:3621:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				p->dtmf_buf[strlen(p->dtmf_buf)] = ev[0];
data/asterisk-16.15.0~dfsg/channels/chan_mgcp.c:3622:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				p->dtmf_buf[strlen(p->dtmf_buf)] = '\0';
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:2399:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	party->LengthOfNumber = strlen((char *) party->Number);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3388:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len_prefix = strlen(str_prefix);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3393:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len_main = strlen(str_main);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3756:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strncasecmp(a->argv[4], "only", strlen(a->argv[4]))) {
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3774:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strncasecmp(a->argv[4], "port", strlen(a->argv[4])))
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:3791:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strncasecmp(a->argv[6], "only", strlen(a->argv[6]))) {
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5232:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (max_len < strlen(nr)) {
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5245:88:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		tmp->bc->fac_out.u.CallDeflection.Component.Invoke.Deflection.Party.LengthOfNumber = strlen(nr);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5252:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (max_len < strlen(nr)) {
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5288:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (max_len < strlen(nr)) {
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5303:91:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		tmp->bc->fac_out.u.CallRerouteing.Component.Invoke.CalledAddress.Party.LengthOfNumber = strlen(nr);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5349:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen((char *) bc->fac_out.u.ActivationDiversion.Component.Invoke.ServedUser.Number);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5354:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen((char *) bc->fac_out.u.ActivationDiversion.Component.Invoke.ForwardedTo.Party.Number);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5390:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen((char *) bc->fac_out.u.DeactivationDiversion.Component.Invoke.ServedUser.Number);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5534:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	msglen = strlen(msg);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5551:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(250000);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:5686:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(a->word);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:6683:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
			strncat(newbc->incoming_cid_tag, "_", sizeof(newbc->incoming_cid_tag) - strlen(newbc->incoming_cid_tag) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:6683:76:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(newbc->incoming_cid_tag, "_", sizeof(newbc->incoming_cid_tag) - strlen(newbc->incoming_cid_tag) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:6684:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(newbc->incoming_cid_tag, newbc->caller.number, sizeof(newbc->incoming_cid_tag) - strlen(newbc->incoming_cid_tag) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:6684:93:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(newbc->incoming_cid_tag, newbc->caller.number, sizeof(newbc->incoming_cid_tag) - strlen(newbc->incoming_cid_tag) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:6935:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(bc->infos_pending) < sizeof(bc->infos_pending) - 1) {
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:6936:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(bc->infos_pending, buf, sizeof(bc->infos_pending) - strlen(bc->infos_pending) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:6936:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(bc->infos_pending, buf, sizeof(bc->infos_pending) - strlen(bc->infos_pending) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:6941:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(bc->dialed.number) < sizeof(bc->dialed.number) - 1) {
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:6942:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(bc->dialed.number, buf, sizeof(bc->dialed.number) - strlen(bc->dialed.number) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:6942:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(bc->dialed.number, buf, sizeof(bc->dialed.number) - strlen(bc->dialed.number) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:7207:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		bc->uulen = strlen(bc->uu);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:7425:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		len = read(tmp->pipe[0], tmp->ast_rd_buf, sizeof(tmp->ast_rd_buf));
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:8167:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncmp(ast_channel_name(tmp), newname, strlen(newname))) {
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:8800:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		bc->uulen = strlen(bc->uu);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:10077:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(bc->dialed.number, bc->info_dad, sizeof(bc->dialed.number) - strlen(bc->dialed.number) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:10077:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(bc->dialed.number, bc->info_dad, sizeof(bc->dialed.number) - strlen(bc->dialed.number) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:10163:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
					strncat(bc->dialed.number, bc->info_dad, sizeof(bc->dialed.number) - strlen(bc->dialed.number) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:10163:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strncat(bc->dialed.number, bc->info_dad, sizeof(bc->dialed.number) - strlen(bc->dialed.number) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:10274:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
			strncat(bc->incoming_cid_tag, "_", sizeof(bc->incoming_cid_tag) - strlen(bc->incoming_cid_tag) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:10274:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(bc->incoming_cid_tag, "_", sizeof(bc->incoming_cid_tag) - strlen(bc->incoming_cid_tag) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:10275:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(bc->incoming_cid_tag, bc->dialed.number, sizeof(bc->incoming_cid_tag) - strlen(bc->incoming_cid_tag) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:10275:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(bc->incoming_cid_tag, bc->dialed.number, sizeof(bc->incoming_cid_tag) - strlen(bc->incoming_cid_tag) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:10491:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(bc->dialed.number, bc->infos_pending, sizeof(bc->dialed.number) - strlen(bc->dialed.number) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:10491:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(bc->dialed.number, bc->infos_pending, sizeof(bc->dialed.number) - strlen(bc->dialed.number) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12206:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (max_len < strlen(args.arg[0])) {
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12218:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ch->bc->fac_out.u.CallDeflection.Component.Invoke.Deflection.Party.LengthOfNumber = strlen(args.arg[0]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12225:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (max_len < strlen(args.arg[0])) {
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12248:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (max_len < strlen(args.arg[0])) {
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12262:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ch->bc->fac_out.u.CallRerouteing.Component.Invoke.CalledAddress.Party.LengthOfNumber = strlen(args.arg[0]);
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12507:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(tok) > 1 && tok[1] == '1') {
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12736:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				return read;
data/asterisk-16.15.0~dfsg/channels/chan_misdn.c:12761:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	return read;
data/asterisk-16.15.0~dfsg/channels/chan_motif.c:2558:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		data_size += 6 + strlen(iks_name(text));
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:717:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	res = read(o->sounddev, o->oss_read_buf + o->readpos, sizeof(o->oss_read_buf) - o->readpos);
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:1030:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int i = strlen(buf);
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:1121:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		for (i = 0; i < strlen(digits); i++) {
data/asterisk-16.15.0~dfsg/channels/chan_oss.c:1317:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = 0; i < strlen(s); i++) {
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:219:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(320000);
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:284:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(320000);
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:580:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	res = read(p->fd, p->buf, PHONE_MAX_BUF);
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:656:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int length = strlen(text);
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:929:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	res = read(i->fd, buf, sizeof(buf));
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:953:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(i->ext) < AST_MAX_EXTENSION - 1)
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:954:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(i->ext, digit, sizeof(i->ext) - strlen(i->ext) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:954:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(i->ext, digit, sizeof(i->ext) - strlen(i->ext) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:1265:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size_t length = strlen(p->dev + 5);
data/asterisk-16.15.0~dfsg/channels/chan_phone.c:1307:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (value[strlen(value) - 1] == '%')
data/asterisk-16.15.0~dfsg/channels/chan_pjsip.c:1091:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(left, right, strlen(right));
data/asterisk-16.15.0~dfsg/channels/chan_pjsip.c:1123:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	hold_uid = ao2_alloc_options(strlen(chan_uid) + 1, NULL,
data/asterisk-16.15.0~dfsg/channels/chan_pjsip.c:1129:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_copy_string(hold_uid, chan_uid, strlen(chan_uid) + 1);
data/asterisk-16.15.0~dfsg/channels/chan_pjsip.c:1793:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		device_buf_size = strlen(ast_channel_name(ast)) + 1;
data/asterisk-16.15.0~dfsg/channels/chan_pjsip.c:1809:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		device_buf_size = strlen(ast_channel_name(ast)) + 1;
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:2706:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(data, payload, payload_len);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:2795:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(msg_copy = ast_str_create(strlen(message) + 1))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3146:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			if (read(me->alert_pipe[0], &alert, sizeof(alert)) == -1) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3585:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(sip_methods[id].text);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3586:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int l_name = name ? strlen(name) : 0;
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3700:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "UDP,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3700:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "UDP,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3703:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "TCP,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3703:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "TCP,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3706:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "TLS,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3706:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "TLS,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3709:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "WS,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3709:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "WS,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3712:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "WSS,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3712:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "WSS,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3716:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(buf)) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3717:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buf[strlen(buf) - 1] = 0;
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:3993:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	l = strlen(buf) + 1;
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:4393:8:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
			if (sscanf(p->lastmsg, "Tx: %30s", method_str) == 1 || sscanf(p->lastmsg, "Rx: %30s", method_str) == 1) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:4393:59:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
			if (sscanf(p->lastmsg, "Tx: %30s", method_str) == 1 || sscanf(p->lastmsg, "Rx: %30s", method_str) == 1) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:6252:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				callid_size = strlen(tmpcall) + strlen(peer->fromdomain) + 2;
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:6252:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				callid_size = strlen(tmpcall) + strlen(peer->fromdomain) + 2;
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:6481:92:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		} else if (!p->options->addsipheaders && !strncmp(ast_var_name(current), "SIPADDHEADER", strlen("SIPADDHEADER"))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:6689:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(1);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:8434:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(name);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:8480:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(name);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:8539:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(name) == 1) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:8560:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int x, len = strlen(name), slen = (sname ? 1 : 0);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:9974:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					  i, (int) strlen(previous_header), previous_header);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10011:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				  i, (int) strlen(previous_header), previous_header );
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10103:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		boundary[strlen(boundary) - 1] = '\0';
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10110:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strncasecmp(line, boundary, strlen(boundary))){
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10449:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
			if ((sscanf(m, "audio %30u/%30u %17s %n", &x, &numberofports, protocol, &len) == 3 && len > 0) ||
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10450:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
			    (sscanf(m, "audio %30u %17s %n", &x, protocol, &len) == 2 && len > 0)) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10454:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (!(offer->decline_m_line = ast_malloc(10 + strlen(protocol) + 1 + strlen(codecs) + 3))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10454:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (!(offer->decline_m_line = ast_malloc(10 + strlen(protocol) + 1 + strlen(codecs) + 3))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10559:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
			if ((sscanf(m, "video %30u/%30u %17s %n", &x, &numberofports, protocol, &len) == 3 && len > 0) ||
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10560:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
			    (sscanf(m, "video %30u %17s %n", &x, protocol, &len) == 2 && len > 0)) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10564:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (!(offer->decline_m_line = ast_malloc(10 + strlen(protocol) + 1 + strlen(codecs) + 3))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10564:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (!(offer->decline_m_line = ast_malloc(10 + strlen(protocol) + 1 + strlen(codecs) + 3))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10638:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
			if ((sscanf(m, "text %30u/%30u %17s %n", &x, &numberofports, protocol, &len) == 3 && len > 0) ||
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10639:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
			    (sscanf(m, "text %30u %17s %n", &x, protocol, &len) == 2 && len > 0)) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10643:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (!(offer->decline_m_line = ast_malloc(9 + strlen(protocol) + 1 + strlen(codecs) + 3))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10643:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (!(offer->decline_m_line = ast_malloc(9 + strlen(protocol) + 1 + strlen(codecs) + 3))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10744:15:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
			} else if (sscanf(m, "image %30u %17s t38%n", &x, protocol, &len) == 2 && len > 0) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10748:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (!(offer->decline_m_line = ast_malloc(10 + strlen(protocol) + 7))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10763:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
			if ((sscanf(m, "%19s %30u/%30u %n", type, &x, &numberofports, &len) == 3 && len > 0) ||
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10764:10:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
			     (sscanf(m, "%19s %30u %n", type, &x, &len) == 2 && len > 0)) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10767:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (!(offer->decline_m_line = ast_malloc(2 + strlen(type) + 3 + strlen(m + len) + 3))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:10767:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (!(offer->decline_m_line = ast_malloc(2 + strlen(type) + 3 + strlen(m + len) + 3))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11379:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (sscanf(c, "IN %3s %255s", proto, host) == 2) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11432:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (sscanf(a, "ice-ufrag: %255s", ufrag) == 1) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11435:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	} else if (sscanf(a, "ice-pwd: %255s", pwd) == 1) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11438:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	} else if (sscanf(a, "candidate: %32s %30u %3s %30u %23s %30u typ %5s %*s %23s %*s %30u", foundation, &candidate.id, transport, (unsigned *)&candidate.priority,
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11503:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (sscanf(a, "setup: %255s", value) == 1) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11518:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	} else if (sscanf(a, "connection: %255s", value) == 1) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11529:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	} else if (sscanf(a, "fingerprint: %31s %255s", hash, value) == 2) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11710:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (!strncmp(a, red_fmtp, strlen(red_fmtp))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11713:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		red_cp = &red_fmtp[strlen(red_fmtp)];
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11714:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(red_fmtp, a, 100);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11822:14:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	} else if ((sscanf(attrib, "t38faxratemanagement:%255s", s) == 1)) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:11829:14:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	} else if ((sscanf(attrib, "t38faxudpec:%255s", s) == 1)) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12001:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						memmove(rport, end, strlen(end) + 1);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12067:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		trans += strlen(";transport=");
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12901:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	hdr_len_name = strlen(hdr_name) + 1;
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:12902:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	hdr_len_value = strlen(hdr_value) + 1;
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:14189:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(e) < 3)	/* status code is 3 digits */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:14552:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		name_len = strlen(n);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:14854:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (!strncmp(ast_var_name(current), "SIPADDHEADER", strlen("SIPADDHEADER"))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:14867:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						end = content + strlen(content) -1;
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:15382:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					need = strlen(cid_num) + (cid_num_restricted ? strlen(invalid) :
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:15382:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					need = strlen(cid_num) + (cid_num_restricted ? strlen(invalid) :
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:15383:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								  strlen(p->fromdomain)) + sizeof("sip:@");
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:15401:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					need = strlen(connected_num) + (connected_num_restricted ? strlen(invalid) :
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:15401:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					need = strlen(connected_num) + (connected_num_restricted ? strlen(invalid) :
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:15402:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									strlen(p->fromdomain)) + sizeof("sip:@");
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:17268:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(header);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:17342:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        if (strncasecmp(c, i->key, strlen(i->key)) != 0) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:17346:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        c += strlen(i->key);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:17494:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			!strncasecmp(keys[K_RESP].s, resp_hash, strlen(resp_hash)) &&
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:17794:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strncasecmp(c, i->key, strlen(i->key)) != 0) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:17798:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			c += strlen(i->key);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:18693:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			|| !strncmp(decoded_uri, pickupexten, strlen(decoded_uri)))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:19609:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			namebuf = name = ast_strdup(hdr + strlen("username=\""));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:19746:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncmp(content_type, "text/plain", strlen("text/plain"))) { /* No text/plain attachment */
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:19765:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(buf);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:19783:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		f.datalen = strlen(buf) + 1;
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:21054:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(peer_name) >= 4 && !strncasecmp("SIP/", peer_name, 4)) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:21498:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:22282:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:22310:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:22334:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:22391:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:22434:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:22574:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(a->argv[3]);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:22802:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		for (j = 0; j < strlen(feat); j++) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23100:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncasecmp(tmp, "Digest ", strlen("Digest "))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23104:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	c = tmp + strlen("Digest ");
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23109:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strncasecmp(c, i->key, strlen(i->key)) != 0)
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:23112:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			c += strlen(i->key);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:24478:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char *quoted_rest = ast_alloca(strlen(rest) + 3);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:25776:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncasecmp(sip_get_header(req, "Content-Type"), "message/sipfrag", strlen("message/sipfrag"))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:28200:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(doc = ast_xml_read_memory(pidf_body, strlen(pidf_body)))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:29174:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				data_size += 4 + strlen(REQ_OFFSET_TO_STR(req, rlpart2));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:30354:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ref_idx = strlen("refresher=");
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:30359:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!strncasecmp(p_se_hdr, "uac", strlen("uac"))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:30362:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strncasecmp(p_se_hdr, "uas", strlen("uas"))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:31646:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		mailbox = ast_calloc(1, sizeof(*mailbox) + strlen(mbox));
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:34134:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t len = strlen(inbuf);
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:34163:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncmp(ast_var_name(newvariable), "SIPADDHEADER", strlen("SIPADDHEADER")) == 0) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:34164:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (removeall || (!strncasecmp(ast_var_value(newvariable),inbuf,strlen(inbuf)))) {
data/asterisk-16.15.0~dfsg/channels/chan_sip.c:34385:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	a += strlen("crypto:");
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2540:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strptr += strlen(thestrings[i]) + 1;
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2541:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			callinfostrleft -= strlen(thestrings[i]) + 1;
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2858:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int octalstrlen = strlen(text);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2884:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int octalstrlen = strlen(text);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2887:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		packetlen = req->len - MAXDISPLAYNOTIFYSTR + strlen(text) + strlen(extratext);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2887:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		packetlen = req->len - MAXDISPLAYNOTIFYSTR + strlen(text) + strlen(extratext);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2892:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		packetlen = req->len - MAXDISPLAYNOTIFYSTR + strlen(text);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2923:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int octalstrlen = strlen(text);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2948:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int octalstrlen = strlen(text);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2951:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		packetlen = req->len - MAXCALLINFOSTR + strlen(text) + strlen(extratext);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2951:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		packetlen = req->len - MAXCALLINFOSTR + strlen(text) + strlen(extratext);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:2956:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		packetlen = req->len - MAXCALLINFOSTR + strlen(text);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3757:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
		strncpy(--ptr, "\0", 1);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3779:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wordlen = strlen(wordptr);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3907:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word), which = 0;
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:3945:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int wordlen = strlen(word), which = 0;
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4670:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			charleft -= strlen(strp);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4671:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strp += strlen(strp);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4675:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				charleft -= strlen(strp);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:4676:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strp += strlen(strp);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:6269:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(sub->exten);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:7108:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(sub->exten);
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:7574:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((res = read(s->fd, req, skinny_header_size)) != skinny_header_size) {
data/asterisk-16.15.0~dfsg/channels/chan_skinny.c:7622:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			res = read(s->fd, ((char*)&req->data)+bytesread, dlen-bytesread);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:877:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size = strlen(lang_entry->str_trans)+1;
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1193:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	i = strlen(text);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1286:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	i = strlen(ustmtext(text, pte));
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1596:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	i = strlen(text);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1613:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int n = strlen(text);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1630:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	i = strlen(text);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:1749:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	i = strlen(text);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2486:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size = strlen(callerid);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2953:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (offset > strlen(tmp_number)) {
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2954:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			offset = strlen(tmp_number);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2956:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		tmp_copy = strlen(tmp_number) - offset + 1;
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2967:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memcpy(tmp + strlen(tmp), pte->device->phone_number + offset, pte->device->size_phone_number - offset + 1);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2969:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	offset = strlen(tmp);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:2971:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = strlen(tmp); i < TEXT_LENGTH_MAX; i++) {
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:3234:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(s->device->phone_number) > 0) {
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:3374:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(pte->device->dtmfduration * 1000);	 /* XXX Less than perfect, blocking an important thread is not a good idea */
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4049:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(pte->device->lst_cid)) {
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4163:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(pte->device->maintext0)) {
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4840:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(cidnum_str) == 0) {
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:4850:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(cidname_str) == 0) {
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:5554:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size = strlen(text);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6173:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(a->argv[3]) < 9) {
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6176:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(a->argv[4]);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6277:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(src);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6304:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(text);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6696:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int len = strlen(linelabel);
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6821:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(tm.tm_zone) < 4) {
data/asterisk-16.15.0~dfsg/channels/chan_unistim.c:6824:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (strlen(tm.tm_zone) < 9) {
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:1254:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(p->ext, s, sizeof(p->ext) - strlen(p->ext) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:1254:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(p->ext, s, sizeof(p->ext) - strlen(p->ext) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:1343:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				str[strlen(str) - 1] = '\0';
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:1793:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(p->play_dtmf, s, sizeof(p->play_dtmf) - strlen(p->play_dtmf) - 1);
data/asterisk-16.15.0~dfsg/channels/chan_vpb.cc:1793:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat(p->play_dtmf, s, sizeof(p->play_dtmf) - strlen(p->play_dtmf) - 1);
data/asterisk-16.15.0~dfsg/channels/console_board.c:238:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	l = strlen(s);
data/asterisk-16.15.0~dfsg/channels/console_gui.c:861:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int l = strlen(s), mod = 0;
data/asterisk-16.15.0~dfsg/channels/console_gui.c:1132:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int reg_len = strlen(region);
data/asterisk-16.15.0~dfsg/channels/console_gui.c:1573:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	i = sscanf(val, "%14s %14s %d %d %d %d %d",
data/asterisk-16.15.0~dfsg/channels/console_video.c:384:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	return dev->grabber->read(dev->grabber_data);
data/asterisk-16.15.0~dfsg/channels/console_video.c:570:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(t);
data/asterisk-16.15.0~dfsg/channels/console_video.h:83:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	struct fbuf_t *(*read)(void *d);
data/asterisk-16.15.0~dfsg/channels/iax2/codec_pref.c:212:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		name_len = strlen(name);
data/asterisk-16.15.0~dfsg/channels/iax2/firmware.c:70:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s2 = ast_alloca(strlen(s) + 100);
data/asterisk-16.15.0~dfsg/channels/iax2/firmware.c:78:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(s2, strlen(s) + 100, "/var/tmp/%s-%ld", last, ast_random());
data/asterisk-16.15.0~dfsg/channels/iax2/firmware.c:108:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		res = read(ifd, buf, chunk);
data/asterisk-16.15.0~dfsg/channels/iax2/firmware.c:127:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if ((res = read(fd, &fwh2, sizeof(fwh2))) != sizeof(fwh2)) {
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:122:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(output, value, maxlen);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:137:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(output, value, maxlen);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:235:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(tmp))
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:369:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(output, "\n");
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:370:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	maxlen -= strlen(output); output += strlen(output);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:370:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	maxlen -= strlen(output); output += strlen(output);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:377:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			maxlen -= strlen(output);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:378:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			output += strlen(output);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:388:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					maxlen -= strlen(output); output += strlen(output);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:388:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					maxlen -= strlen(output); output += strlen(output);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:396:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					maxlen -= strlen(output); output += strlen(output);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:396:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					maxlen -= strlen(output); output += strlen(output);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:404:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			maxlen -= strlen(output); output += strlen(output);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:404:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			maxlen -= strlen(output); output += strlen(output);
data/asterisk-16.15.0~dfsg/channels/iax2/parser.c:767:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return iax_ie_append_raw(ied, ie, str, strlen(str));
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:101:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buf, iax_flags[x].name, buflen - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:101:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, iax_flags[x].name, buflen - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:102:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
			strncat(buf, ",", buflen - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:102:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, ",", buflen - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:107:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buf[strlen(buf) - 1] = '\0';
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:109:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
		strncpy(buf, "none", buflen - 1);
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:184:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:222:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (force || strlen(cur->user))
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:224:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (force || strlen(cur->pass))
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:226:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (force || strlen(cur->lang))
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:296:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (t && strlen(t)) {
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:419:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(s))
data/asterisk-16.15.0~dfsg/channels/iax2/provision.c:469:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_cli(a->fd, "Base Templ:   %s\n", strlen(cur->src) ? cur->src : "<none>");
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:50:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(dest, src, len);
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:375:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	l = 1+strlen((char *)number);
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:384:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy((char *)p+3, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:384:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncpy((char *)p+3, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:447:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		l += strlen((char *)number);
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:462:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy((char *)p+4, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:462:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncpy((char *)p+4, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:467:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy((char *)p+3, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:467:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncpy((char *)p+3, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:549:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		l += strlen((char *)number);
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:564:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy((char *)p+4, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:564:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncpy((char *)p+4, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:569:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy((char *)p+3, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:569:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncpy((char *)p+3, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:900:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	l = strlen(display);
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:917:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy((char *) p + 2, display, l);
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:961:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	l = strlen(keypad);
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:969:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy((char *)p+2, keypad, strlen(keypad));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:969:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncpy((char *)p+2, keypad, strlen(keypad));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1150:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		l += strlen((char *)number);
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1172:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
				strncpy((char *)p+5, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1172:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncpy((char *)p+5, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1178:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
				strncpy((char *)p+4, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1178:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncpy((char *)p+4, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1184:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy((char *)p+3, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1184:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncpy((char *)p+3, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1261:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		l += strlen((char *)number);
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1277:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy((char *)p+4, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1277:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncpy((char *)p+4, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1282:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy((char *)p+3, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/ie.c:1282:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncpy((char *)p+3, (char *)number, strlen((char *)number));
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:363:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(300000);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:403:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(300000);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:1104:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
				strncpy(li.name, "B L3", l);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:1115:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
				strncpy(li.name, "B L4", l);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:1357:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(li.name,nt?"net l2":"user l4", l);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:1607:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				manager_ph_control_block(bc,  BF_ENABLE_KEY, bc->crypt_key, strlen(bc->crypt_key) );
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:1636:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				manager_ph_control_block(bc,  BF_ENABLE_KEY, bc->crypt_key, strlen(bc->crypt_key) );
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:3035:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(5000);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:3619:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					manager_ph_control_block(bc,  BF_ENABLE_KEY, bc->crypt_key, strlen(bc->crypt_key) );
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4171:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(plist, portlist, 1024);
data/asterisk-16.15.0~dfsg/channels/misdn/isdn_lib.c:4641:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		manager_ph_control_block(bc, PIPELINE_CFG, bc->pipeline, strlen(bc->pipeline) + 1);
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:799:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((l = strlen(ports))) {
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:878:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
					strncat(tempbuf, iter->msn, sizeof(tempbuf) - strlen(tempbuf) - 1);
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:878:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strncat(tempbuf, iter->msn, sizeof(tempbuf) - strlen(tempbuf) - 1);
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:880:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(tempbuf) > 1) {
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:881:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					tempbuf[strlen(tempbuf)-2] = 0;
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:964:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((len = strlen(value))) {
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:966:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(dest->str, value, len);
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:1009:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((len = strlen(valtmp))) {
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:1012:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
				strncpy(ml->msn, valtmp, len);
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:1075:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
				if (sscanf(token, "%30d-%30d%511s", &start, &end, ptpbuf) >= 2) {
data/asterisk-16.15.0~dfsg/channels/misdn_config.c:1084:10:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
					if (sscanf(token, "%30d%511s", &start, ptpbuf)) {
data/asterisk-16.15.0~dfsg/channels/pjsip/cli_commands.c:70:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(left_obj->name, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/channels/pjsip/cli_commands.c:99:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(left_obj->name, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/channels/pjsip/cli_commands.c:126:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncmp(left_obj->name, right_key, strlen(right_key)) == 0) {
data/asterisk-16.15.0~dfsg/channels/pjsip/cli_commands.c:158:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncmp(left_obj->name, right_key, strlen(right_key)) == 0) {
data/asterisk-16.15.0~dfsg/channels/pjsip/cli_commands.c:285:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	print_name_len = strlen(snapshot->name) + strlen(snapshot->appl) + 2;
data/asterisk-16.15.0~dfsg/channels/pjsip/cli_commands.c:285:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	print_name_len = strlen(snapshot->name) + strlen(snapshot->appl) + 2;
data/asterisk-16.15.0~dfsg/channels/pjsip/dialplan_functions.c:1290:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size = strlen(ast_format_get_name(fmt)) + 1;
data/asterisk-16.15.0~dfsg/channels/pjsip/dialplan_functions.c:1479:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(buf, AST_YESNO(channel->session->moh_passthrough), len);
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:581:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(1);
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1034:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (c && (strlen(c) < p->stripmsd)) {
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1145:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(c) < p->stripmsd) {
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1220:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (p->echotraining && (strlen(p->dop.dialstr) > 4)) {
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1222:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strcpy(p->echorest + (p->echotraining / 400) + 1, p->dop.dialstr + strlen(p->dop.dialstr) - 2);
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1225:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			p->dop.dialstr[strlen(p->dop.dialstr)-2] = '\0';
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1688:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int extlen = strlen(exten);
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1692:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (extlen < strlen(pickupexten) && !strncmp(pickupexten, exten, extlen)) {
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1820:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					res = analog_my_getsigstr(chan, dtmfbuf + strlen(dtmfbuf), "*", 3000);
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1849:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					&& (strlen(dtmfbuf) != 14)) {
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1867:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					res = analog_my_getsigstr(chan, dtmfbuf + strlen(dtmfbuf), "#", 3000);
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1888:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						res = analog_my_getsigstr(chan, dtmfbuf + strlen(dtmfbuf), "*", 3000);
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1940:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((res > 0) && (strlen(anibuf) > 2)) {
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1941:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (anibuf[strlen(anibuf) - 1] == '#') {
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:1942:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					anibuf[strlen(anibuf) - 1] = 0;
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:2134:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
						usleep(500000);
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:2509:9:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
								usleep(1);
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:2521:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
						usleep(1);
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:2754:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		data_size += strlen(subclass);
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:2981:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(p->dop.dialstr) > 4) {
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:2983:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strcpy(p->echorest + (p->echotraining / 401) + 1, p->dop.dialstr + strlen(p->dop.dialstr) - 2);
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:2986:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				p->dop.dialstr[strlen(p->dop.dialstr)-2] = '\0';
data/asterisk-16.15.0~dfsg/channels/sig_analog.c:3840:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:810:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(src);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:853:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pri_subaddress->length = strlen((char *) pri_subaddress->data);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:867:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			length = strlen(ast_subaddress->str);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:1444:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int datalen = sizeof(*cause_code) + strlen(cause);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:2151:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(exten);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:2925:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	monitor_instance = ao2_alloc(sizeof(*monitor_instance) + strlen(device_name),
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:6144:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		&& (!strlen(pri->pvts[chanpos]->exten)
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:6611:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					int digitlen = strlen(e->digit.digits);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:6644:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					int digitlen = strlen(e->ring.callednum);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:7479:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				len = strlen(pri->pvts[chanpos]->dialdest);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:7844:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(number) < p->stripmsd) {
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:7995:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(c) < p->stripmsd) {
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:8060:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncmp(c + p->stripmsd, p->pri->internationalprefix, strlen(p->pri->internationalprefix)) == 0) {
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:8062:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				dp_strip = strlen(p->pri->internationalprefix);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:8065:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		} else if (strncmp(c + p->stripmsd, p->pri->nationalprefix, strlen(p->pri->nationalprefix)) == 0) {
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:8067:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				dp_strip = strlen(p->pri->nationalprefix);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:8197:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncmp(l, p->pri->internationalprefix, strlen(p->pri->internationalprefix)) == 0) {
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:8199:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ldp_strip = strlen(p->pri->internationalprefix);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:8202:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		} else if (strncmp(l, p->pri->nationalprefix, strlen(p->pri->nationalprefix)) == 0) {
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:8204:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ldp_strip = strlen(p->pri->nationalprefix);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:8543:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strlen(p->pri->internationalprefix))) {
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:8544:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					prefix_strip = strlen(p->pri->internationalprefix);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:8547:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strlen(p->pri->nationalprefix))) {
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:8548:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					prefix_strip = strlen(p->pri->nationalprefix);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:8559:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						strlen(connected.id.number.str + prefix_strip) + 1);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:8798:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(pvt->dialdest);
data/asterisk-16.15.0~dfsg/channels/sig_pri.c:9533:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		display.length = strlen(display.text);
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:441:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int datalen = sizeof(*cause_code) + strlen(cause);
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:1709:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
					strncat(p->exten, e->sam.called_party_num, sizeof(p->exten) - strlen(p->exten) - 1);
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:1709:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strncat(p->exten, e->sam.called_party_num, sizeof(p->exten) - strlen(p->exten) - 1);
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2522:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncmp(number, p->ss7->internationalprefix, strlen(p->ss7->internationalprefix)) == 0) {
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2523:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strip = strlen(p->ss7->internationalprefix);
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2525:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (strncmp(number, p->ss7->nationalprefix, strlen(p->ss7->nationalprefix)) == 0) {
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2526:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strip = strlen(p->ss7->nationalprefix);
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2528:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (strncmp(number, p->ss7->networkroutedprefix, strlen(p->ss7->networkroutedprefix)) == 0) {
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2529:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strip = strlen(p->ss7->networkroutedprefix);
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2531:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (strncmp(number, p->ss7->unknownprefix, strlen(p->ss7->unknownprefix)) == 0) {
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2532:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strip = strlen(p->ss7->unknownprefix);
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2534:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (strncmp(number, p->ss7->subscriberprefix, strlen(p->ss7->subscriberprefix)) == 0) {
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2535:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strip = strlen(p->ss7->subscriberprefix);
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2867:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(c) < p->stripmsd) {
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2936:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((rlt_flag) && ((strncmp("NO", rlt_flag, strlen(rlt_flag))) != 0 )) {
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2948:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (send_far && strncmp("NO", send_far, strlen(send_far)) != 0) {
data/asterisk-16.15.0~dfsg/channels/sig_ss7.c:2987:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (ss7_cug_interlock_code && ss7_cug_interlock_ni && strlen(ss7_cug_interlock_ni) == 4) {
data/asterisk-16.15.0~dfsg/channels/sip/config_parser.c:130:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pre2.transport[strlen(pre2.transport) - 1] = '\0'; /* Remove trailing : */
data/asterisk-16.15.0~dfsg/channels/sip/reqresp_parser.c:79:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			l = strlen(cur);
data/asterisk-16.15.0~dfsg/channels/sip/reqresp_parser.c:1739:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size_t copylen = strlen(next);
data/asterisk-16.15.0~dfsg/channels/sip/reqresp_parser.c:1740:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size_t cur_outlen = strlen(out);
data/asterisk-16.15.0~dfsg/channels/sip/reqresp_parser.c:2085:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(headers1) != strlen(headers2)) {
data/asterisk-16.15.0~dfsg/channels/sip/reqresp_parser.c:2085:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(headers1) != strlen(headers2)) {
data/asterisk-16.15.0~dfsg/channels/sip/route.c:123:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		const char *uri = sip_route_add(dst, hop->uri, strlen(hop->uri), 0);
data/asterisk-16.15.0~dfsg/channels/vgrabbers.c:296:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		r = read(v->fd, b->data + b->used, l);
data/asterisk-16.15.0~dfsg/codecs/codec_dahdi.c:450:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	res = read(dahdip->fd, pvt->outbuf.c + pvt->datalen, pvt->t->buf_size - pvt->datalen);
data/asterisk-16.15.0~dfsg/codecs/codec_dahdi.c:527:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		res = read(dahdip->fd, dahdip->ulaw_buffer, sizeof(dahdip->ulaw_buffer));
data/asterisk-16.15.0~dfsg/codecs/codec_dahdi.c:529:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		res = read(dahdip->fd, pvt->outbuf.c + pvt->datalen, pvt->t->buf_size - pvt->datalen);
data/asterisk-16.15.0~dfsg/contrib/utils/eagi_proxy.c:168:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			write_buf(command_desc,buf,strlen(buf));
data/asterisk-16.15.0~dfsg/contrib/utils/eagi_proxy.c:181:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		write_buf(command_desc,buf,strlen(buf));
data/asterisk-16.15.0~dfsg/contrib/utils/eagi_proxy.c:206:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		count=read(file,buffer+pos,num);
data/asterisk-16.15.0~dfsg/contrib/utils/eagi_proxy.c:288:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		res=read(desc,&c,1);
data/asterisk-16.15.0~dfsg/contrib/utils/rawplayer.c:22:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		while ((bytes=read(fd, buf, BUFLEN)) > 0) {
data/asterisk-16.15.0~dfsg/funcs/func_aes.c:108:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(args.key) != AES_BLOCK_SIZE) {        /* key must be of 16 characters in length, 128 bits */
data/asterisk-16.15.0~dfsg/funcs/func_aes.c:125:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		data_len = strlen(tmp);
data/asterisk-16.15.0~dfsg/funcs/func_base64.c:85:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_base64encode(buf, (unsigned char *) data, strlen(data), len);
data/asterisk-16.15.0~dfsg/funcs/func_base64.c:88:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ast_str_make_space(str, len ? len : ast_str_strlen(*str) + strlen(data) * 4 / 3 + 2);
data/asterisk-16.15.0~dfsg/funcs/func_base64.c:90:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_base64encode(ast_str_buffer(*str) + ast_str_strlen(*str), (unsigned char *) data, strlen(data), ast_str_size(*str) - ast_str_strlen(*str));
data/asterisk-16.15.0~dfsg/funcs/func_base64.c:102:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ast_str_make_space(str, len ? len : ast_str_strlen(*str) + strlen(data) * 3 / 4 + 2);
data/asterisk-16.15.0~dfsg/funcs/func_channel.c:684:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size_t namelen = strlen(ast_channel_name(c));
data/asterisk-16.15.0~dfsg/funcs/func_channel.c:687:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(buf, " ");
data/asterisk-16.15.0~dfsg/funcs/func_channel.c:718:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char *template = ast_alloca(4 + strlen(data));
data/asterisk-16.15.0~dfsg/funcs/func_config.c:138:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!(cur = ast_calloc(1, sizeof(*cur) + strlen(args.filename) + 1))) {
data/asterisk-16.15.0~dfsg/funcs/func_config.c:167:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!(cur = ast_calloc(1, sizeof(*cur) + strlen(args.filename) + 1))) {
data/asterisk-16.15.0~dfsg/funcs/func_curl.c:384:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((new = ast_calloc(1, sizeof(*new) + strlen(value) + 1))) {
data/asterisk-16.15.0~dfsg/funcs/func_cut.c:142:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int blen = strlen(buffer);
data/asterisk-16.15.0~dfsg/funcs/func_cut.c:144:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
			strncat(buffer + blen, ",", buflen - blen - 1);
data/asterisk-16.15.0~dfsg/funcs/func_cut.c:147:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(buffer + blen, sortable_keys[count2].key, buflen - blen - 1);
data/asterisk-16.15.0~dfsg/funcs/func_cut.c:172:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	var_expr = ast_alloca(strlen(args.varname) + 4);
data/asterisk-16.15.0~dfsg/funcs/func_cut.c:175:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(var_expr, strlen(args.varname) + 4, "${%s}", args.varname);
data/asterisk-16.15.0~dfsg/funcs/func_db.c:213:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(buf, "0");
data/asterisk-16.15.0~dfsg/funcs/func_db.c:216:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(buf, "1");
data/asterisk-16.15.0~dfsg/funcs/func_db.c:230:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t parselen = strlen(parse);
data/asterisk-16.15.0~dfsg/funcs/func_db.c:271:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ast_str_append_escapecommas(result, maxlen, curkey, strlen(curkey));
data/asterisk-16.15.0~dfsg/funcs/func_devstate.c:111:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen("Custom:");
data/asterisk-16.15.0~dfsg/funcs/func_devstate.c:274:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen("Custom:");
data/asterisk-16.15.0~dfsg/funcs/func_dialgroup.c:147:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int tmp = strlen(entry->name);
data/asterisk-16.15.0~dfsg/funcs/func_dialplan.c:83:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(buf, "0");
data/asterisk-16.15.0~dfsg/funcs/func_dialplan.c:101:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
				strcpy(buf, "1");
data/asterisk-16.15.0~dfsg/funcs/func_dialplan.c:108:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
				strcpy(buf, "1");
data/asterisk-16.15.0~dfsg/funcs/func_dialplan.c:116:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			strcpy(buf, "1");
data/asterisk-16.15.0~dfsg/funcs/func_dialplan.c:119:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			strcpy(buf, "1");
data/asterisk-16.15.0~dfsg/funcs/func_enum.c:205:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(num, tmp, sizeof(num) - strlen(num) - 1);
data/asterisk-16.15.0~dfsg/funcs/func_enum.c:205:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(num, tmp, sizeof(num) - strlen(num) - 1);
data/asterisk-16.15.0~dfsg/funcs/func_env.c:289:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			strcpy(buf, "1");
data/asterisk-16.15.0~dfsg/funcs/func_env.c:769:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	vlength = strlen(value);
data/asterisk-16.15.0~dfsg/funcs/func_env.c:960:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strchr(args.options, 'd') && fwrite(format2term(newline_format), 1, strlen(format2term(newline_format)), ff) < strlen(format2term(newline_format))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:960:127:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strchr(args.options, 'd') && fwrite(format2term(newline_format), 1, strlen(format2term(newline_format)), ff) < strlen(format2term(newline_format))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:973:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strchr(args.options, 'd') && fwrite(format2term(newline_format), 1, strlen(format2term(newline_format)), ff) < strlen(format2term(newline_format))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:973:127:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (!strchr(args.options, 'd') && fwrite(format2term(newline_format), 1, strlen(format2term(newline_format)), ff) < strlen(format2term(newline_format))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:1124:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (length_offset - offset_offset == vlength + (strchr(args.options, 'd') ? 0 : strlen(format2term(newline_format)))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:1129:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				} else if (!strchr(args.options, 'd') && fwrite(format2term(newline_format), 1, strlen(format2term(newline_format)), ff) < strlen(format2term(newline_format))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:1129:128:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				} else if (!strchr(args.options, 'd') && fwrite(format2term(newline_format), 1, strlen(format2term(newline_format)), ff) < strlen(format2term(newline_format))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:1133:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			} else if (length_offset - offset_offset > vlength + (strchr(args.options, 'd') ? 0 : strlen(format2term(newline_format)))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:1137:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				size_t vlen = vlength + (strchr(args.options, 'd') ? 0 : strlen(format2term(newline_format)));
data/asterisk-16.15.0~dfsg/funcs/func_env.c:1178:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				size_t vlen = vlength + (strchr(args.options, 'd') ? 0 : strlen(format2term(newline_format)));
data/asterisk-16.15.0~dfsg/funcs/func_env.c:1214:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				} else if (!strchr(args.options, 'd') && fwrite(format2term(newline_format), 1, strlen(format2term(newline_format)), ff) < strlen(format2term(newline_format))) {
data/asterisk-16.15.0~dfsg/funcs/func_env.c:1214:128:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				} else if (!strchr(args.options, 'd') && fwrite(format2term(newline_format), 1, strlen(format2term(newline_format)), ff) < strlen(format2term(newline_format))) {
data/asterisk-16.15.0~dfsg/funcs/func_global.c:167:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char *prefix = ast_alloca(strlen(args.chan) + 2);
data/asterisk-16.15.0~dfsg/funcs/func_global.c:169:105:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!(c_ref = ast_channel_get_by_name(args.chan)) && !(c_ref = ast_channel_get_by_name_prefix(prefix, strlen(prefix)))) {
data/asterisk-16.15.0~dfsg/funcs/func_global.c:230:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char *prefix = ast_alloca(strlen(args.chan) + 2);
data/asterisk-16.15.0~dfsg/funcs/func_global.c:232:105:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!(c_ref = ast_channel_get_by_name(args.chan)) && !(c_ref = ast_channel_get_by_name_prefix(prefix, strlen(prefix)))) {
data/asterisk-16.15.0~dfsg/funcs/func_global.c:242:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = 9 + strlen(args.var); /* SHARED() + var */
data/asterisk-16.15.0~dfsg/funcs/func_iconv.c:100:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	incount = strlen(args.text);
data/asterisk-16.15.0~dfsg/funcs/func_lock.c:273:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		current = ast_calloc(1, sizeof(*current) + strlen(lockname) + 1);
data/asterisk-16.15.0~dfsg/funcs/func_logic.c:231:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ast_str_make_space(str, len == 0 ? strlen(data) : len);
data/asterisk-16.15.0~dfsg/funcs/func_logic.c:251:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char *s = ast_alloca(strlen(args.varname) + 4);
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:195:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(object_left->name, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:233:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dsn = ao2_alloc(sizeof(*dsn) + strlen(name) + 1, dsn_destructor);
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:560:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_str_make_space(&buf, strlen(query->sql_write) * 2 + 300);
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:563:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ast_str_make_space(&insertbuf, strlen(query->sql_insert) * 2 + 300);
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:960:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			buflen = strlen(buf);
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:1425:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int wordlen = strlen(a->word), which = 0;
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:1475:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_str_make_space(&sql, strlen(query->sql_read) * 2 + 300);
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:1641:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int wordlen = strlen(a->word), which = 0;
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:1694:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_str_make_space(&sql, strlen(query->sql_write) * 2 + 300);
data/asterisk-16.15.0~dfsg/funcs/func_odbc.c:1859:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(1);
data/asterisk-16.15.0~dfsg/funcs/func_pjsip_contact.c:132:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(aor_name, args.contact_name, aor_name_len);
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:141:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_base64encode(buf, (unsigned char *) subtype, strlen(subtype), len);
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:147:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_base64encode(buf, (unsigned char *) message, strlen(message), len);
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:209:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen("CustomPresence:");
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:411:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen("CustomPresence:");
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:801:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_base64encode(encoded_subtype, (unsigned char *) PRES_SUBTYPE, strlen(PRES_SUBTYPE), sizeof(encoded_subtype) - 1);
data/asterisk-16.15.0~dfsg/funcs/func_presencestate.c:802:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_base64encode(encoded_message, (unsigned char *) PRES_MESSAGE, strlen(PRES_MESSAGE), sizeof(encoded_message) - 1);
data/asterisk-16.15.0~dfsg/funcs/func_realtime.c:222:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		resultslen += strlen(var->name) + strlen(var->value);
data/asterisk-16.15.0~dfsg/funcs/func_realtime.c:222:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		resultslen += strlen(var->name) + strlen(var->value);
data/asterisk-16.15.0~dfsg/funcs/func_realtime.c:224:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	resultslen += n * (strlen(args.delim1) + strlen(args.delim2)) + 1;
data/asterisk-16.15.0~dfsg/funcs/func_realtime.c:224:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	resultslen += n * (strlen(args.delim1) + strlen(args.delim2)) + 1;
data/asterisk-16.15.0~dfsg/funcs/func_realtime.c:453:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			resultslen += strlen(var->name) + strlen(var->value);
data/asterisk-16.15.0~dfsg/funcs/func_realtime.c:453:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			resultslen += strlen(var->name) + strlen(var->value);
data/asterisk-16.15.0~dfsg/funcs/func_realtime.c:456:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		resultslen += n * (strlen(args.delim1) + strlen(args.delim2)) + 1;
data/asterisk-16.15.0~dfsg/funcs/func_realtime.c:456:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		resultslen += n * (strlen(args.delim1) + strlen(args.delim2)) + 1;
data/asterisk-16.15.0~dfsg/funcs/func_shell.c:61:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(buf, plbuff, len - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/funcs/func_shell.c:61:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(buf, plbuff, len - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/funcs/func_srv.c:100:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(srds = ast_calloc(1, sizeof(*srds) + strlen(service)))) {
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:461:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		varsubst = ast_alloca(strlen(args.varname) + 4);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:527:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		varsubst = ast_alloca(strlen(args.varname) + 4);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:611:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	varsubst = ast_alloca(strlen(args.listname) + 4);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:639:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dlen = strlen(args.delimiter);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:643:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((dlen = strlen(delim)) == 0) {
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:648:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	flen = strlen(args.fieldvalue);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:823:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	varsubst = ast_alloca(strlen(args.varname) + 4);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:841:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				memmove(strptr, strptr + 1, strlen(strptr + 1) + 1);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:906:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	find_size = strlen(args.find_string);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:909:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	varsubstr = ast_alloca(strlen(args.varname) + 4);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:999:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(prefix);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1104:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	var_len = strlen(var_name);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1132:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buf, key, len - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1132:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, key, len - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1134:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			buf[strlen(buf) - 1] = ',';
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1138:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf_len = strlen(buf);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1242:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buf, varvalue, len - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1242:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, varvalue, len - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1243:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
			strncat(buf, ",", len - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1243:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, ",", len - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1247:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buf[strlen(buf) - 1] = '\0';
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1349:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length = strlen(data);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1524:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ast_str_make_space(buf, buflen > 0 ? buflen : strlen(data) + 1);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1553:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ast_str_make_space(buf, buflen > 0 ? buflen : strlen(data) + 1);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1591:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	varsubst = ast_alloca(strlen(args.var) + 4);
data/asterisk-16.15.0~dfsg/funcs/func_strings.c:1663:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	varsubst = ast_alloca(strlen(stripped_var) + 4);
data/asterisk-16.15.0~dfsg/include/asterisk/astmm.h:304:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t __len = strlen(__old) + 1;                         \
data/asterisk-16.15.0~dfsg/include/asterisk/astobj2.h:2069:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = partial_key_cmp(object_left->field, right_key, strlen(right_key)); \
data/asterisk-16.15.0~dfsg/include/asterisk/channel.h:713:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	struct ast_frame * (* const read)(struct ast_channel *chan);
data/asterisk-16.15.0~dfsg/include/asterisk/lock.h:336:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(1); \
data/asterisk-16.15.0~dfsg/include/asterisk/lock.h:358:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(1); \
data/asterisk-16.15.0~dfsg/include/asterisk/lock.h:380:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(1); \
data/asterisk-16.15.0~dfsg/include/asterisk/lock.h:469:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(1); \
data/asterisk-16.15.0~dfsg/include/asterisk/lock.h:474:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(1); \
data/asterisk-16.15.0~dfsg/include/asterisk/lock.h:481:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1); \
data/asterisk-16.15.0~dfsg/include/asterisk/mod_format.h:74:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	struct ast_frame * (*read)(struct ast_filestream *, int *whennext);
data/asterisk-16.15.0~dfsg/include/asterisk/pbx.h:129:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	ast_acf_read_fn_t read;		/*!< Read function, if read is supported */
data/asterisk-16.15.0~dfsg/include/asterisk/res_fax.h:255:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	struct ast_frame *(* const read)(struct ast_fax_session *);
data/asterisk-16.15.0~dfsg/include/asterisk/rtp_engine.h:661:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	struct ast_frame *(*read)(struct ast_rtp_instance *instance, int rtcp);
data/asterisk-16.15.0~dfsg/include/asterisk/sched.h:51:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1); \
data/asterisk-16.15.0~dfsg/include/asterisk/sched.h:64:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1); \
data/asterisk-16.15.0~dfsg/include/asterisk/sched.h:84:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1); \
data/asterisk-16.15.0~dfsg/include/asterisk/sched.h:104:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1); \
data/asterisk-16.15.0~dfsg/include/asterisk/sched.h:118:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1); \
data/asterisk-16.15.0~dfsg/include/asterisk/sched.h:137:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1); \
data/asterisk-16.15.0~dfsg/include/asterisk/stringfields.h:483:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t __dlen__ = (__d__) ? strlen(__d__) + 1 : 1;                                         \
data/asterisk-16.15.0~dfsg/include/asterisk/strings.h:72:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define ast_strlen_real(a)	(a) ? strlen(a) : 0
data/asterisk-16.15.0~dfsg/include/asterisk/strings.h:119:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	str_len = strlen(str);
data/asterisk-16.15.0~dfsg/include/asterisk/strings.h:120:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	suffix_len = strlen(suffix);
data/asterisk-16.15.0~dfsg/include/asterisk/strings.h:170:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		work += strlen(work) - 1;
data/asterisk-16.15.0~dfsg/include/asterisk/strings.h:661:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf->__AST_STR_USED = strlen(buf->__AST_STR_STR);
data/asterisk-16.15.0~dfsg/include/asterisk/test.h:404:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			__ast_test_status_update(__FILE__, __PRETTY_FUNCTION__, __LINE__, (test), "%s: %s\n", strlen(#__VA_ARGS__) ? #__VA_ARGS__ : "Condition failed", #condition); \
data/asterisk-16.15.0~dfsg/main/alertpipe.c:110:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (read(alert_pipe[0], &tmp, sizeof(tmp)) < 0) {
data/asterisk-16.15.0~dfsg/main/alertpipe.c:145:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		bytes_read = read(alert_pipe[0], tmp, sizeof(tmp));
data/asterisk-16.15.0~dfsg/main/aoc.c:1462:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(prefix, "/");
data/asterisk-16.15.0~dfsg/main/aoc.c:1482:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(prefix, "/");
data/asterisk-16.15.0~dfsg/main/aoc.c:1491:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(prefix, "/");
data/asterisk-16.15.0~dfsg/main/app.c:163:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (x = strlen(collect); x < maxlen; ) {
data/asterisk-16.15.0~dfsg/main/app.c:331:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	args_len = strlen(macro_name) + strlen(macro_args) + 2;
data/asterisk-16.15.0~dfsg/main/app.c:331:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	args_len = strlen(macro_name) + strlen(macro_args) + 2;
data/asterisk-16.15.0~dfsg/main/app.c:412:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	args_len = strlen(sub_location) + strlen(sub_args) + 3;
data/asterisk-16.15.0~dfsg/main/app.c:412:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	args_len = strlen(sub_location) + strlen(sub_args) + 3;
data/asterisk-16.15.0~dfsg/main/app.c:832:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(ms * 1000);
data/asterisk-16.15.0~dfsg/main/app.c:966:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	res = read(ls->fd, buf + AST_FRIENDLY_OFFSET/2, len);
data/asterisk-16.15.0~dfsg/main/app.c:1085:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		blen += strlen(stop);
data/asterisk-16.15.0~dfsg/main/app.c:1088:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		blen += strlen(suspend);
data/asterisk-16.15.0~dfsg/main/app.c:1091:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		blen += strlen(restart);
data/asterisk-16.15.0~dfsg/main/app.c:1570:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(prependfile, "-prepend", sizeof(prependfile) - strlen(prependfile) - 1);
data/asterisk-16.15.0~dfsg/main/app.c:1570:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(prependfile, "-prepend", sizeof(prependfile) - strlen(prependfile) - 1);
data/asterisk-16.15.0~dfsg/main/app.c:1971:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = sizeof(*gi) + strlen(group) + 1;
data/asterisk-16.15.0~dfsg/main/app.c:1973:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len += strlen(category) + 1;
data/asterisk-16.15.0~dfsg/main/app.c:1993:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			gi->category = (char *) gi + sizeof(*gi) + strlen(group) + 1;
data/asterisk-16.15.0~dfsg/main/app.c:2159:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					memmove(scan, scan + 1, strlen(scan));
data/asterisk-16.15.0~dfsg/main/app.c:2165:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					memmove(scan, scan + 1, strlen(scan));
data/asterisk-16.15.0~dfsg/main/app.c:2192:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int lp = strlen(path);
data/asterisk-16.15.0~dfsg/main/app.c:2198:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(fs, strlen(path) + 19, "%s/.lock-%08lx", path, (unsigned long)ast_random());
data/asterisk-16.15.0~dfsg/main/app.c:2206:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(s, strlen(path) + 9, "%s/.lock", path);
data/asterisk-16.15.0~dfsg/main/app.c:2228:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s = ast_alloca(strlen(path) + 10);
data/asterisk-16.15.0~dfsg/main/app.c:2230:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(s, strlen(path) + 9, "%s/%s", path, ".lock");
data/asterisk-16.15.0~dfsg/main/app.c:2269:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fs = ast_alloca(strlen(path) + 20);
data/asterisk-16.15.0~dfsg/main/app.c:2271:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(fs, strlen(path) + 19, "%s/lock", path);
data/asterisk-16.15.0~dfsg/main/app.c:2312:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(1000);
data/asterisk-16.15.0~dfsg/main/app.c:2350:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s = ast_alloca(strlen(path) + 20);
data/asterisk-16.15.0~dfsg/main/app.c:2363:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(s, strlen(path) + 19, "%s/lock", path);
data/asterisk-16.15.0~dfsg/main/app.c:2597:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((!strncasecmp(menu->options[x].option, option, strlen(option))) &&
data/asterisk-16.15.0~dfsg/main/app.c:2598:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				(menu->options[x].option[strlen(option)])) {
data/asterisk-16.15.0~dfsg/main/app.c:2611:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(exten) >= maxexten - 1) {
data/asterisk-16.15.0~dfsg/main/app.c:2617:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		exten[strlen(exten) + 1] = '\0';
data/asterisk-16.15.0~dfsg/main/app.c:2618:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		exten[strlen(exten)] = res;
data/asterisk-16.15.0~dfsg/main/app.c:2631:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(exten, "g");
data/asterisk-16.15.0~dfsg/main/app.c:2663:8:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
							strcpy(exten, "g");
data/asterisk-16.15.0~dfsg/main/app.c:2665:8:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
							strcpy(exten, "s");
data/asterisk-16.15.0~dfsg/main/app.c:2680:8:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
							strcpy(exten, "i");
data/asterisk-16.15.0~dfsg/main/app.c:2700:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			strcpy(exten, "g");
data/asterisk-16.15.0~dfsg/main/app.c:2734:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		res = read(fd, output, count - 1);
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:1235:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2547:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = 0, isint = (isdigit(s[0]) || s[0] == '-' || s[0]=='.'); isint && i < strlen(s); i++)
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2612:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if( vp->u.s[0] == '"' && vp->u.s[strlen(vp->u.s)-1] == '"' )
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2701:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if( s[strlen(s)-1] == '\n' )
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2702:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				s[strlen(s)-1] = 0;
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2760:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				total_len += strlen(t->val->u.s);
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2774:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(argbuf,",");
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2785:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_log(LOG_NOTICE,"argbuf uses %d bytes;\n", (int) strlen(argbuf));
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2791:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( strspn(str,"-0123456789. 	") == strlen(str))
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:2800:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strspn(funcname->u.s,"ABCDEFGHIJKLMNOPQRSTUVWXYZ_0123456789") == strlen(funcname->u.s))
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3057:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				if (f->read) {
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3060:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
					f->read(chan, funcname->u.s, argbuf, workspace, sizeof(workspace));
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3229:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if( strlen(a->u.s) && strcmp(a->u.s, "\"\"") != 0 && strcmp(a->u.s,"0") != 0 )
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3418:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				else if (strlen(a->u.s) == 1 && a->u.s[0] == '0' )
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3432:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				else if (strlen(a->u.s) == 1 && a->u.s[0] == '0' )
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3667:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1);
data/asterisk-16.15.0~dfsg/main/ast_expr2.c:3667:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1);
data/asterisk-16.15.0~dfsg/main/ast_expr2f.c:776:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/asterisk-16.15.0~dfsg/main/ast_expr2f.c:1977:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return ast_yy_scan_bytes(yystr,strlen(yystr) ,yyscanner);
data/asterisk-16.15.0~dfsg/main/ast_expr2f.c:2420:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			strcpy(buf, "0");
data/asterisk-16.15.0~dfsg/main/ast_expr2f.c:2432:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
				strncpy(buf, io.val->u.s, length - 1);
data/asterisk-16.15.0~dfsg/main/ast_expr2f.c:2438:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			return_value = strlen(buf);
data/asterisk-16.15.0~dfsg/main/ast_expr2f.c:2553:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ( strncmp(p,expr2_token_equivs1[i],strlen(expr2_token_equivs1[i])) == 0 )
data/asterisk-16.15.0~dfsg/main/ast_expr2f.c:2555:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				len+=strlen(expr2_token_equivs2[i])+2;
data/asterisk-16.15.0~dfsg/main/ast_expr2f.c:2556:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				p += strlen(expr2_token_equivs1[i])-1;
data/asterisk-16.15.0~dfsg/main/ast_expr2f.c:2568:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ( strncmp(p,expr2_token_equivs1[i],strlen(expr2_token_equivs1[i])) == 0 ) {
data/asterisk-16.15.0~dfsg/main/ast_expr2f.c:2574:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				p += strlen(expr2_token_equivs1[i]);
data/asterisk-16.15.0~dfsg/main/asterisk.c:1029:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return write(fd, s, strlen(s) + 1);
data/asterisk-16.15.0~dfsg/main/asterisk.c:1035:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return write(fd, s, strlen(s));
data/asterisk-16.15.0~dfsg/main/asterisk.c:1352:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	result = read(fd, buffer, size);
data/asterisk-16.15.0~dfsg/main/asterisk.c:1911:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(100000);
data/asterisk-16.15.0~dfsg/main/asterisk.c:2657:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			num_read = read(STDIN_FILENO, &c, 1);
data/asterisk-16.15.0~dfsg/main/asterisk.c:2668:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			res = read(ast_consock, buf, sizeof(buf) - 1);
data/asterisk-16.15.0~dfsg/main/asterisk.c:2688:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
						usleep(1000000 / reconnects_per_second);
data/asterisk-16.15.0~dfsg/main/asterisk.c:2969:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			res = read(ast_consock, mbuf + mlen, 1024);
data/asterisk-16.15.0~dfsg/main/asterisk.c:3001:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				match_len = strlen(AST_VECTOR_GET(matches, i));
data/asterisk-16.15.0~dfsg/main/asterisk.c:3083:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(buf) > (MAX_HISTORY_COMMAND_LENGTH - 1)) {
data/asterisk-16.15.0~dfsg/main/asterisk.c:3162:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (read(ast_consock, buf, sizeof(buf) - 1) < 0) {
data/asterisk-16.15.0~dfsg/main/asterisk.c:3168:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char *tmp = ast_alloca(strlen(data) + strlen(prefix) + 1);
data/asterisk-16.15.0~dfsg/main/asterisk.c:3168:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char *tmp = ast_alloca(strlen(data) + strlen(prefix) + 1);
data/asterisk-16.15.0~dfsg/main/asterisk.c:3170:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (write(ast_consock, tmp, strlen(tmp) + 1) < 0) {
data/asterisk-16.15.0~dfsg/main/asterisk.c:3208:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			if (read(ast_consock, buffer, sizeof(buffer) - 1) <= 0) {
data/asterisk-16.15.0~dfsg/main/asterisk.c:3272:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (ebuf[strlen(ebuf)-1] == '\n')
data/asterisk-16.15.0~dfsg/main/asterisk.c:3273:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ebuf[strlen(ebuf)-1] = '\0';
data/asterisk-16.15.0~dfsg/main/asterisk.c:3275:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				res = write(ast_consock, ebuf, strlen(ebuf) + 1);
data/asterisk-16.15.0~dfsg/main/asterisk.c:4232:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (buf[strlen(buf)-1] == '\n')
data/asterisk-16.15.0~dfsg/main/asterisk.c:4233:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					buf[strlen(buf)-1] = '\0';
data/asterisk-16.15.0~dfsg/main/astfd.c:67:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int dlen = sizeof(dst), slen = strlen(src);                \
data/asterisk-16.15.0~dfsg/main/astmm.c:231:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(1);
data/asterisk-16.15.0~dfsg/main/astmm.c:615:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(s) + 1;
data/asterisk-16.15.0~dfsg/main/astobj2_container.c:964:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	reg = ao2_t_alloc_options(sizeof(*reg) + strlen(name), ao2_reg_destructor,
data/asterisk-16.15.0~dfsg/main/astobj2_container.c:1015:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	partial_key.len = strlen(a->word);
data/asterisk-16.15.0~dfsg/main/autoservice.c:123:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(10000);
data/asterisk-16.15.0~dfsg/main/autoservice.c:314:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(1000);
data/asterisk-16.15.0~dfsg/main/bridge.c:1399:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len += strlen(names[idx]);
data/asterisk-16.15.0~dfsg/main/bridge.c:3641:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncasecmp(hook_left->dtmf.code, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/main/bridge.c:4098:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(ast_channel_name(left), right_name, strlen(right_name));
data/asterisk-16.15.0~dfsg/main/bridge.c:5083:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(bridge_left->uniqueid, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/main/bridge.c:5115:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/bridge.c:5306:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/bridge.c:5371:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		chan = ast_channel_get_by_name_prefix(a->argv[3], strlen(a->argv[3]));
data/asterisk-16.15.0~dfsg/main/bridge.c:5449:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/bridge_after.c:430:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		remaining_size = remaining_size - strlen(current_pos);
data/asterisk-16.15.0~dfsg/main/bridge_after.c:431:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		current_pos += strlen(current_pos);
data/asterisk-16.15.0~dfsg/main/bridge_after.c:436:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		remaining_size = remaining_size - strlen(current_pos);
data/asterisk-16.15.0~dfsg/main/bridge_after.c:437:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		current_pos += strlen(current_pos);
data/asterisk-16.15.0~dfsg/main/bridge_after.c:440:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		remaining_size = remaining_size - strlen(current_pos);
data/asterisk-16.15.0~dfsg/main/bridge_after.c:441:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		current_pos += strlen(current_pos);
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:166:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char missing_features[strlen(features) + 1];
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:489:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len_name = strlen(pvt->app_name) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:490:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len_args = pvt->app_args_offset ? strlen(&pvt->app_name[pvt->app_args_offset]) + 1 : 0;
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:491:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len_moh = pvt->moh_offset ? strlen(&pvt->app_name[pvt->moh_offset]) + 1 : 0;
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:492:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len_feature = strlen(&pvt->app_name[pvt->feature_offset]) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:496:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len_activated = strlen(activated_name) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:547:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len_name = strlen(app_name) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:548:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len_args = ast_strlen_zero(app_args) ? 0 : strlen(app_args) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:549:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len_moh = ast_strlen_zero(moh_class) ? 0 : strlen(moh_class) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_basic.c:550:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len_feature = strlen(feature_name) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1170:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		datalen = strlen(moh_class) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1285:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len_name = strlen(app_name) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1286:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len_args = ast_strlen_zero(app_args) ? 0 : strlen(app_args) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1287:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len_moh = !moh_class ? 0 : strlen(moh_class) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1378:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len_name = strlen(playfile) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1379:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len_moh = !moh_class ? 0 : strlen(moh_class) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1534:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len_parkee_uuid = strlen(parkee_uuid) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1535:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len_parker_uuid = strlen(parker_uuid) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1536:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len_app_data = !app_data ? 0 : strlen(app_data) + 1;
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1658:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		BRIDGE_CHANNEL_ACTION_DTMF_STREAM, dtmf, strlen(dtmf) + 1);
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1754:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			bridge_channel, digit, strlen(bridge_channel->dtmf_hook_state.collected));
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1768:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dtmf_len = strlen(bridge_channel->dtmf_hook_state.collected);
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1787:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		} else if (dtmf_len != strlen(hook->dtmf.code)) {
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:1847:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			dtmf_len = strlen(bridge_channel->dtmf_hook_state.collected);
data/asterisk-16.15.0~dfsg/main/bridge_channel.c:2485:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(1);
data/asterisk-16.15.0~dfsg/main/bucket.c:294:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	scheme = ao2_alloc(sizeof(*scheme) + strlen(name) + 1, NULL);
data/asterisk-16.15.0~dfsg/main/bucket.c:317:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int name_len = strlen(name) + 1, value_len = strlen(value) + 1;
data/asterisk-16.15.0~dfsg/main/bucket.c:317:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int name_len = strlen(name) + 1, value_len = strlen(value) + 1;
data/asterisk-16.15.0~dfsg/main/bucket.c:394:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(str_left, str_right, strlen(str_right));
data/asterisk-16.15.0~dfsg/main/bucket.c:744:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ( (len = read(ifd, buf, sizeof(buf)) ) ) {
data/asterisk-16.15.0~dfsg/main/callerid.c:209:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cidstring) < 2) {
data/asterisk-16.15.0~dfsg/main/callerid.c:233:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		for (i = 1; i < strlen(cidstring); i++) {
data/asterisk-16.15.0~dfsg/main/callerid.c:248:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		for (i = 0; i < strlen(cidstring); i++) {
data/asterisk-16.15.0~dfsg/main/callerid.c:705:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(cid->number, "");
data/asterisk-16.15.0~dfsg/main/callerid.c:708:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(cid->number, "");
data/asterisk-16.15.0~dfsg/main/callerid.c:712:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(cid->name, "");
data/asterisk-16.15.0~dfsg/main/callerid.c:715:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
					strcpy(cid->name, "");
data/asterisk-16.15.0~dfsg/main/callerid.c:769:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		i = strlen(number);
data/asterisk-16.15.0~dfsg/main/callerid.c:794:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		i = strlen(name);
data/asterisk-16.15.0~dfsg/main/callerid.c:925:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sum = 0x80 + strlen(msg);
data/asterisk-16.15.0~dfsg/main/ccss.c:2254:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t device_name_len = strlen(device_name);
data/asterisk-16.15.0~dfsg/main/ccss.c:2561:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(agent = ao2_t_alloc(sizeof(*agent) + strlen(caller_name), agent_destroy,
data/asterisk-16.15.0~dfsg/main/ccss.c:2751:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	struct ast_channel *recall_chan = ast_channel_get_by_name_prefix(agent->device_name, strlen(agent->device_name));
data/asterisk-16.15.0~dfsg/main/ccss.c:4557:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/cdr.c:881:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cmp = strncmp(left->uniqueid, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/main/cdr.c:939:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cmp = strncasecmp(left->party_b_name, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/main/cdr.c:3990:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(a->word);
data/asterisk-16.15.0~dfsg/main/cel.c:765:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(app_data = ast_malloc(strlen(record.application_name) + strlen(record.application_data) + 2))) {
data/asterisk-16.15.0~dfsg/main/cel.c:765:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(app_data = ast_malloc(strlen(record.application_name) + strlen(record.application_data) + 2))) {
data/asterisk-16.15.0~dfsg/main/cel.c:772:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_channel_data_set(tchan, strcpy(app_data + strlen(record.application_name) + 1,
data/asterisk-16.15.0~dfsg/main/cel.c:802:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		lid = ao2_alloc_options(sizeof(*lid) + strlen(linkedid) + 1, NULL,
data/asterisk-16.15.0~dfsg/main/cel.c:1195:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dialstatus_string_len = strlen(dialstatus_string) + 1;
data/asterisk-16.15.0~dfsg/main/cel.c:1761:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	backend = ao2_alloc_options(sizeof(*backend) + 1 + strlen(name), NULL,
data/asterisk-16.15.0~dfsg/main/channel.c:314:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wordlen = strlen(a->word);
data/asterisk-16.15.0~dfsg/main/channel.c:350:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strncasecmp(cl->tech->type, a->argv[3], strlen(cl->tech->type)))
data/asterisk-16.15.0~dfsg/main/channel.c:632:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strncasecmp(causes[x].name, name, strlen(causes[x].name)))
data/asterisk-16.15.0~dfsg/main/channel.c:1233:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		f.datalen = strlen(musicclass) + 1;
data/asterisk-16.15.0~dfsg/main/channel.c:3756:64:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		} else if (ast_channel_tech(chan) && ast_channel_tech(chan)->read) {
data/asterisk-16.15.0~dfsg/main/channel.c:3757:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			f = ast_channel_tech(chan)->read(chan);
data/asterisk-16.15.0~dfsg/main/channel.c:4796:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t body_len = strlen(body);
data/asterisk-16.15.0~dfsg/main/channel.c:4950:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(duration * 1000);
data/asterisk-16.15.0~dfsg/main/channel.c:5120:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(1);
data/asterisk-16.15.0~dfsg/main/channel.c:6554:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1000);
data/asterisk-16.15.0~dfsg/main/channel.c:6609:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return ast_channel_sendhtml(chan, AST_HTML_URL, url, strlen(url) + 1);
data/asterisk-16.15.0~dfsg/main/channel.c:7247:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				len = strlen(latest_musicclass) + 1;
data/asterisk-16.15.0~dfsg/main/channel.c:7669:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(piece);
data/asterisk-16.15.0~dfsg/main/channel.c:7841:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!(mcv = ast_calloc(1, sizeof(*mcv) + strlen(var) + 1))) {
data/asterisk-16.15.0~dfsg/main/channel.c:8012:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
				strncat(buf, ", ", buflen - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/main/channel.c:8012:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(buf, ", ", buflen - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/main/channel.c:8017:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buf, num, buflen - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/main/channel.c:8017:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, num, buflen - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/main/channel.c:8312:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length = strlen(name->str);
data/asterisk-16.15.0~dfsg/main/channel.c:8386:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length = strlen(number->str);
data/asterisk-16.15.0~dfsg/main/channel.c:8460:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length = strlen(subaddress->str);
data/asterisk-16.15.0~dfsg/main/channel.c:8573:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length = strlen(id->tag);
data/asterisk-16.15.0~dfsg/main/channel.c:9206:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length = strlen(reason->str);
data/asterisk-16.15.0~dfsg/main/chanvars.c:39:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int name_len = strlen(name) + 1;
data/asterisk-16.15.0~dfsg/main/chanvars.c:40:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int value_len = strlen(value) + 1;
data/asterisk-16.15.0~dfsg/main/cli.c:208:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strcasecmp(perm->command, "all") && strncasecmp(perm->command, command, strlen(perm->command))) {
data/asterisk-16.15.0~dfsg/main/cli.c:494:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int mod_len = strlen(mod);
data/asterisk-16.15.0~dfsg/main/cli.c:530:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ml = ast_calloc(1, sizeof(*ml) + strlen(mod) + 1);
data/asterisk-16.15.0~dfsg/main/cli.c:609:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (a->pos == 3 && !strncasecmp(argv3, "off", strlen(argv3))) {
data/asterisk-16.15.0~dfsg/main/cli.c:611:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				} else if (a->pos == 3 && !strncasecmp(argv3, "atleast", strlen(argv3))) {
data/asterisk-16.15.0~dfsg/main/cli.c:662:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (a->pos == 3 && !strncasecmp(argv3, "off", strlen(argv3))) {
data/asterisk-16.15.0~dfsg/main/cli.c:664:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				} else if (a->pos == 3 && !strncasecmp(argv3, "atleast", strlen(argv3))) {
data/asterisk-16.15.0~dfsg/main/cli.c:720:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (a->pos == 3 && !strncasecmp(argv3, "off", strlen(argv3))) {
data/asterisk-16.15.0~dfsg/main/cli.c:722:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				} else if (a->pos == 3 && !strncasecmp(argv3, "atleast", strlen(argv3))) {
data/asterisk-16.15.0~dfsg/main/cli.c:732:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (a->n == 0 && !strncasecmp(pos, "silent", strlen(pos))) {
data/asterisk-16.15.0~dfsg/main/cli.c:1341:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			return ast_cli_generator(a->line + strlen("cli check permissions") + strlen(a->argv[3]) + 1, a->word, a->n);
data/asterisk-16.15.0~dfsg/main/cli.c:1341:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			return ast_cli_generator(a->line + strlen("cli check permissions") + strlen(a->argv[3]) + 1, a->word, a->n);
data/asterisk-16.15.0~dfsg/main/cli.c:1426:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			matchlen = strlen(matches[x]) + 1;
data/asterisk-16.15.0~dfsg/main/cli.c:1550:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int offset = strncasecmp(argv4, "off", strlen(argv4)) ? 0 : 1;
data/asterisk-16.15.0~dfsg/main/cli.c:1819:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = ast_strlen_zero(word) ? 0 : strlen(word);
data/asterisk-16.15.0~dfsg/main/cli.c:1837:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word), which = 0;
data/asterisk-16.15.0~dfsg/main/cli.c:1942:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(100);
data/asterisk-16.15.0~dfsg/main/cli.c:2245:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	l = strlen(cmd);
data/asterisk-16.15.0~dfsg/main/cli.c:2286:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	lw = strlen(word);
data/asterisk-16.15.0~dfsg/main/cli.c:2540:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(matchstr);
data/asterisk-16.15.0~dfsg/main/cli.c:2578:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int l = strlen(a->line);
data/asterisk-16.15.0~dfsg/main/cli.c:2780:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	max_equal = strlen(prevstr);
data/asterisk-16.15.0~dfsg/main/cli.c:2858:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	matchlen = strlen(matchstr);
data/asterisk-16.15.0~dfsg/main/cli.c:2860:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(matchstr, " "); /* XXX */
data/asterisk-16.15.0~dfsg/main/codec.c:106:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(left->name, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/main/config.c:291:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int name_len = strlen(name) + 1;
data/asterisk-16.15.0~dfsg/main/config.c:292:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int val_len = strlen(value) + 1;
data/asterisk-16.15.0~dfsg/main/config.c:293:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int fn_len = strlen(filename) + 1;
data/asterisk-16.15.0~dfsg/main/config.c:391:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int from_len = strlen(from_file);
data/asterisk-16.15.0~dfsg/main/config.c:392:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int to_len = strlen(to_file);
data/asterisk-16.15.0~dfsg/main/config.c:1568:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		sizeof(*cfmtime) + strlen(filename) + 1 + strlen(who_asked) + 1);
data/asterisk-16.15.0~dfsg/main/config.c:1568:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		sizeof(*cfmtime) + strlen(filename) + 1 + strlen(who_asked) + 1);
data/asterisk-16.15.0~dfsg/main/config.c:1574:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dst += strlen(dst) + 1;
data/asterisk-16.15.0~dfsg/main/config.c:1719:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cfinclude = ast_calloc(1, sizeof(*cfinclude) + strlen(filename) + 1);
data/asterisk-16.15.0~dfsg/main/config.c:1913:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (*(c + strlen(c) - 1) == quote_char) {
data/asterisk-16.15.0~dfsg/main/config.c:1915:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				*(c + strlen(c) - 1) = '\0';
data/asterisk-16.15.0~dfsg/main/config.c:2212:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						if (strlen(buf) == sizeof(buf) - 1 && buf[sizeof(buf) - 2] != '\n') {
data/asterisk-16.15.0~dfsg/main/config.c:2215:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								if (strlen(buf) != sizeof(buf) - 1 || buf[sizeof(buf) - 2] == '\n') {
data/asterisk-16.15.0~dfsg/main/config.c:2225:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							size_t line_bytes = strlen(buf);
data/asterisk-16.15.0~dfsg/main/config.c:2251:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							&& (ast_strlen_zero(buf) || strlen(buf) == strspn(buf," \t\n\r"))) {
data/asterisk-16.15.0~dfsg/main/config.c:2262:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								memmove(comment_p - 1, comment_p, strlen(comment_p) + 1);
data/asterisk-16.15.0~dfsg/main/config.c:2285:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										oldptr = process_buf + strlen(process_buf);
data/asterisk-16.15.0~dfsg/main/config.c:2291:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
										memmove(oldptr, new_buf, strlen(new_buf) + 1);
data/asterisk-16.15.0~dfsg/main/config.c:2775:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					int escaped_len = 2 * strlen(var->value) + 1;
data/asterisk-16.15.0~dfsg/main/config.c:2878:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length += strlen(name) + 1;
data/asterisk-16.15.0~dfsg/main/config.c:2879:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length += strlen(driver) + 1;
data/asterisk-16.15.0~dfsg/main/config.c:2880:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length += strlen(database) + 1;
data/asterisk-16.15.0~dfsg/main/config.c:2882:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length += strlen(table) + 1;
data/asterisk-16.15.0~dfsg/main/config.c:2889:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dst += strlen(dst) + 1;
data/asterisk-16.15.0~dfsg/main/config.c:2891:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dst += strlen(dst) + 1;
data/asterisk-16.15.0~dfsg/main/config.c:2894:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		dst += strlen(dst) + 1;
data/asterisk-16.15.0~dfsg/main/config.c:3631:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(chunk + 1, chunk + 3, strlen(chunk + 3) + 1);
data/asterisk-16.15.0~dfsg/main/config.c:3973:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		wordlen = strlen(a->word);
data/asterisk-16.15.0~dfsg/main/config.c:4008:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char *buf = ast_alloca(strlen("module reload ") + strlen(cfmtime->who_asked) + 1);
data/asterisk-16.15.0~dfsg/main/config.c:4008:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char *buf = ast_alloca(strlen("module reload ") + strlen(cfmtime->who_asked) + 1);
data/asterisk-16.15.0~dfsg/main/config_options.c:381:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		return strncasecmp(name, match->name, strlen(match->name)) ? 0 : CMP_MATCH | CMP_STOP;
data/asterisk-16.15.0~dfsg/main/config_options.c:967:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/config_options.c:991:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/config_options.c:1018:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/core_unreal.c:749:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	f.datalen = strlen(text) + 1;
data/asterisk-16.15.0~dfsg/main/core_unreal.c:1091:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		uniqueid2 = ast_alloca(strlen(id1.uniqueid) + 3);
data/asterisk-16.15.0~dfsg/main/db.c:244:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(dbname = ast_alloca(strlen(ast_config_AST_DB) + sizeof(".sqlite3")))) {
data/asterisk-16.15.0~dfsg/main/db.c:333:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(family) + strlen(key) + 2 > sizeof(fullkey) - 1) {
data/asterisk-16.15.0~dfsg/main/db.c:333:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(family) + strlen(key) + 2 > sizeof(fullkey) - 1) {
data/asterisk-16.15.0~dfsg/main/db.c:380:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(family) + strlen(key) + 2 > sizeof(fullkey) - 1) {
data/asterisk-16.15.0~dfsg/main/db.c:380:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(family) + strlen(key) + 2 > sizeof(fullkey) - 1) {
data/asterisk-16.15.0~dfsg/main/db.c:435:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(family) + strlen(key) + 2 > sizeof(fullkey) - 1) {
data/asterisk-16.15.0~dfsg/main/db.c:435:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(family) + strlen(key) + 2 > sizeof(fullkey) - 1) {
data/asterisk-16.15.0~dfsg/main/db.c:507:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		key_len = strlen(key);
data/asterisk-16.15.0~dfsg/main/db.c:508:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		value_len = strlen(value);
data/asterisk-16.15.0~dfsg/main/devicestate.c:295:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(chan = ast_channel_get_by_name_prefix(match, strlen(match)))) {
data/asterisk-16.15.0~dfsg/main/devicestate.c:493:94:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (change_thread == AST_PTHREADT_NULL || !(change = ast_calloc(1, sizeof(*change) + strlen(device)))) {
data/asterisk-16.15.0~dfsg/main/devicestate.c:555:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	stuff_len = strlen(device) + 1;
data/asterisk-16.15.0~dfsg/main/dns_core.c:222:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	query = ao2_alloc_options(sizeof(*query) + strlen(name) + 1, dns_query_destroy, AO2_ALLOC_OPT_LOCK_NOLOCK);
data/asterisk-16.15.0~dfsg/main/dns_core.c:481:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	query->result = ast_calloc(1, sizeof(*query->result) + strlen(canonical) + 1 + answer_size);
data/asterisk-16.15.0~dfsg/main/dns_core.c:494:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf_ptr += strlen(canonical) + 1;
data/asterisk-16.15.0~dfsg/main/dns_naptr.c:487:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		+ regexp_size + 1 + strlen(replacement) + 1;
data/asterisk-16.15.0~dfsg/main/dns_naptr.c:499:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(ptr, flags, flags_size);
data/asterisk-16.15.0~dfsg/main/dns_naptr.c:504:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(ptr, services, services_size);
data/asterisk-16.15.0~dfsg/main/dns_naptr.c:509:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(ptr, regexp, regexp_size);
data/asterisk-16.15.0~dfsg/main/dns_recurring.c:117:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	recurring = ao2_alloc(sizeof(*recurring) + strlen(name) + 1, dns_query_recurring_destroy);
data/asterisk-16.15.0~dfsg/main/dns_srv.c:93:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	host_len = strlen(host) + 1;
data/asterisk-16.15.0~dfsg/main/dns_test.c:165:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t actual_len = strlen(string->val);
data/asterisk-16.15.0~dfsg/main/dns_test.c:173:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memcpy(&buf[1], string->val, strlen(string->val));
data/asterisk-16.15.0~dfsg/main/dns_test.c:212:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		dns_str.len = strlen(part);
data/asterisk-16.15.0~dfsg/main/dnsmgr.c:109:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int total_size = sizeof(*entry) + strlen(name) + (service ? strlen(service) + 1 : 0);
data/asterisk-16.15.0~dfsg/main/dnsmgr.c:109:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int total_size = sizeof(*entry) + strlen(name) + (service ? strlen(service) + 1 : 0);
data/asterisk-16.15.0~dfsg/main/dnsmgr.c:119:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		entry->service = ((char *) entry) + sizeof(*entry) + strlen(name);
data/asterisk-16.15.0~dfsg/main/dnsmgr.c:265:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep((ast_sched_wait(sched)*1000));
data/asterisk-16.15.0~dfsg/main/enum.c:121:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!number || (strlen(number) < 3)) {
data/asterisk-16.15.0~dfsg/main/enum.c:125:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(digits, number, 2);
data/asterisk-16.15.0~dfsg/main/enum.c:212:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (sizeof(domain) < (strlen(cc) * 2 + strlen(ienum_branchlabel) + strlen(suffix) + 2)) {
data/asterisk-16.15.0~dfsg/main/enum.c:212:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (sizeof(domain) < (strlen(cc) * 2 + strlen(ienum_branchlabel) + strlen(suffix) + 2)) {
data/asterisk-16.15.0~dfsg/main/enum.c:212:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (sizeof(domain) < (strlen(cc) * 2 + strlen(ienum_branchlabel) + strlen(suffix) + 2)) {
data/asterisk-16.15.0~dfsg/main/enum.c:221:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (p2 = (char *) cc + strlen(cc) - 1; p2 >= cc; p2--) {
data/asterisk-16.15.0~dfsg/main/enum.c:341:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (sizeof(domain) < (strlen(cc) * 2 + strlen(ienum_branchlabel) + strlen(suffix) + 2)) {
data/asterisk-16.15.0~dfsg/main/enum.c:341:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (sizeof(domain) < (strlen(cc) * 2 + strlen(ienum_branchlabel) + strlen(suffix) + 2)) {
data/asterisk-16.15.0~dfsg/main/enum.c:341:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (sizeof(domain) < (strlen(cc) * 2 + strlen(ienum_branchlabel) + strlen(suffix) + 2)) {
data/asterisk-16.15.0~dfsg/main/enum.c:350:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (p2 = (char *) cc + strlen(cc) - 1; p2 >= cc; p2--) {
data/asterisk-16.15.0~dfsg/main/enum.c:489:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	regexp_len = strlen(regexp);
data/asterisk-16.15.0~dfsg/main/enum.c:567:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((strlen((char *) naptrinput) >= pmatch[matchindex].rm_eo) && (pmatch[matchindex].rm_so <= pmatch[matchindex].rm_eo)) {
data/asterisk-16.15.0~dfsg/main/enum.c:766:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(middle, ".");
data/asterisk-16.15.0~dfsg/main/enum.c:772:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(middle, ".");
data/asterisk-16.15.0~dfsg/main/enum.c:812:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (sdl > strlen(number)) {	/* Number too short for this sdl? */
data/asterisk-16.15.0~dfsg/main/enum.c:821:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(middle, ".");
data/asterisk-16.15.0~dfsg/main/enum.c:825:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((sdl * 2 + strlen(middle) + 2) > sizeof(middle)) {
data/asterisk-16.15.0~dfsg/main/enum.c:831:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p1 = middle + strlen(middle);
data/asterisk-16.15.0~dfsg/main/enum.c:843:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(left) * 2 + 2 > sizeof(domain)) {
data/asterisk-16.15.0~dfsg/main/enum.c:851:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (p2 = left + strlen(left); p2 >= left; p2--) {
data/asterisk-16.15.0~dfsg/main/enum.c:866:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	spaceleft -= strlen(domain);
data/asterisk-16.15.0~dfsg/main/enum.c:869:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(tmp, middle, spaceleft);
data/asterisk-16.15.0~dfsg/main/enum.c:870:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		spaceleft -= strlen(middle);
data/asterisk-16.15.0~dfsg/main/enum.c:873:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(tmp,apex,spaceleft);
data/asterisk-16.15.0~dfsg/main/enum.c:884:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(dst, "0");
data/asterisk-16.15.0~dfsg/main/enum.c:959:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t number_length = strlen(number);
data/asterisk-16.15.0~dfsg/main/enum.c:966:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	suffix_length = strlen(suffix);
data/asterisk-16.15.0~dfsg/main/event.c:351:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	payload_len = sizeof(*str_payload) + strlen(str);
data/asterisk-16.15.0~dfsg/main/features.c:776:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	chana = ast_channel_get_by_name_prefix(channela, strlen(channela));
data/asterisk-16.15.0~dfsg/main/features.c:792:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	chanb = ast_channel_get_by_name_prefix(channelb, strlen(channelb));
data/asterisk-16.15.0~dfsg/main/features.c:1031:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(args.dest_chan));
data/asterisk-16.15.0~dfsg/main/features_config.c:428:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		return strncasecmp(item1->name, key2, strlen(key2));
data/asterisk-16.15.0~dfsg/main/features_config.c:470:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		return strncasecmp(item1->appmap_item_name, key2, strlen(key2));
data/asterisk-16.15.0~dfsg/main/features_config.c:520:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		return strncasecmp(group1->name, key2, strlen(key2)) ? 0 : CMP_MATCH;
data/asterisk-16.15.0~dfsg/main/file.c:285:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ( (len = read(ifd, buf, sizeof(buf)) ) ) {
data/asterisk-16.15.0~dfsg/main/file.c:523:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char storage[strlen(f->exts) + 1];
data/asterisk-16.15.0~dfsg/main/file.c:780:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buflen = strlen(preflang) + strlen(filename) + 4;
data/asterisk-16.15.0~dfsg/main/file.c:780:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buflen = strlen(preflang) + strlen(filename) + 4;
data/asterisk-16.15.0~dfsg/main/file.c:825:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buflen = strlen(preflang) + strlen(filename) + 4;
data/asterisk-16.15.0~dfsg/main/file.c:825:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buflen = strlen(preflang) + strlen(filename) + 4;
data/asterisk-16.15.0~dfsg/main/file.c:882:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (!(fr = s->fmt->read(s, whennext))) {
data/asterisk-16.15.0~dfsg/main/file.c:1093:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buflen = strlen(preflang) + strlen(filename) + 4;	/* room for everything */
data/asterisk-16.15.0~dfsg/main/file.c:1093:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buflen = strlen(preflang) + strlen(filename) + 4;	/* room for everything */
data/asterisk-16.15.0~dfsg/main/file.c:1157:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			full_path = ast_malloc(strlen(path) + strlen(entry->d_name) + 2);
data/asterisk-16.15.0~dfsg/main/file.c:1157:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			full_path = ast_malloc(strlen(path) + strlen(entry->d_name) + 2);
data/asterisk-16.15.0~dfsg/main/file.c:1195:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				full_path = ast_malloc(strlen(path) + strlen(entry->d_name) + 2);
data/asterisk-16.15.0~dfsg/main/file.c:1195:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				full_path = ast_malloc(strlen(path) + strlen(entry->d_name) + 2);
data/asterisk-16.15.0~dfsg/main/file.c:1425:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size = strlen(fn) + strlen(record_cache_dir) + 2;
data/asterisk-16.15.0~dfsg/main/file.c:1425:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size = strlen(fn) + strlen(record_cache_dir) + 2;
data/asterisk-16.15.0~dfsg/main/file.c:1428:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(buf, "/");
data/asterisk-16.15.0~dfsg/main/file.c:1520:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			eoftest = fgetc(ast_channel_stream(c)->f);
data/asterisk-16.15.0~dfsg/main/file.c:1833:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(fmts) + 1;
data/asterisk-16.15.0~dfsg/main/format.c:107:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	format_interface = ao2_alloc_options(sizeof(*format_interface) + strlen(codec) + 1,
data/asterisk-16.15.0~dfsg/main/format_cache.c:311:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncasecmp(ast_format_get_name(left), right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/main/format_cap.c:335:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (parse[0] == '(' && parse[strlen(parse) - 1] == ')') {
data/asterisk-16.15.0~dfsg/main/format_cap.c:337:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		parse[strlen(parse) - 1] = '\0';
data/asterisk-16.15.0~dfsg/main/frame.c:314:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		srclen = strlen(f->src);
data/asterisk-16.15.0~dfsg/main/http.c:293:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((len = strlen(uri) + strlen(ast_config_AST_DATA_DIR) + strlen("/static-http/") + 5) > 1024) {
data/asterisk-16.15.0~dfsg/main/http.c:293:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((len = strlen(uri) + strlen(ast_config_AST_DATA_DIR) + strlen("/static-http/") + 5) > 1024) {
data/asterisk-16.15.0~dfsg/main/http.c:293:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((len = strlen(uri) + strlen(ast_config_AST_DATA_DIR) + strlen("/static-http/") + 5) > 1024) {
data/asterisk-16.15.0~dfsg/main/http.c:546:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		while ((len = read(fd, buf, sizeof(buf))) > 0) {
data/asterisk-16.15.0~dfsg/main/http.c:676:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(urih->uri);
data/asterisk-16.15.0~dfsg/main/http.c:682:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( AST_RWLIST_EMPTY(&uris) || strlen(AST_RWLIST_FIRST(&uris)->uri) <= len ) {
data/asterisk-16.15.0~dfsg/main/http.c:690:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(AST_RWLIST_NEXT(uri, entry)->uri) <= len) {
data/asterisk-16.15.0~dfsg/main/http.c:772:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size = param ? param - content_type : strlen(content_type);
data/asterisk-16.15.0~dfsg/main/http.c:1051:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length = chunked_atoh(header_line, strlen(header_line));
data/asterisk-16.15.0~dfsg/main/http.c:1459:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	l = strlen(prefix);
data/asterisk-16.15.0~dfsg/main/http.c:1465:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			l = strlen(urih->uri);
data/asterisk-16.15.0~dfsg/main/http.c:1556:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	userid_len = strlen(userid) + 1;
data/asterisk-16.15.0~dfsg/main/http.c:1557:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	password_len = strlen(password) + 1;
data/asterisk-16.15.0~dfsg/main/http.c:1639:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t size = strlen(version);
data/asterisk-16.15.0~dfsg/main/http.c:1662:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char *buf = ast_malloc(strlen(s) + 1);
data/asterisk-16.15.0~dfsg/main/http.c:2041:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	target_len = strlen(target) + 1;
data/asterisk-16.15.0~dfsg/main/http.c:2042:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dest_len = strlen(dest) + 1;
data/asterisk-16.15.0~dfsg/main/http.c:2056:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		|| strlen(AST_RWLIST_FIRST(&uri_redirects)->target) <= target_len ) {
data/asterisk-16.15.0~dfsg/main/http.c:2065:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			&& strlen(AST_RWLIST_NEXT(cur, entry)->target) <= target_len ) {
data/asterisk-16.15.0~dfsg/main/indications.c:641:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wordlen = strlen(a->word);
data/asterisk-16.15.0~dfsg/main/indications.c:739:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wordlen = strlen(a->word);
data/asterisk-16.15.0~dfsg/main/iostream.c:248:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		res = read(stream->fd, buf, size);
data/asterisk-16.15.0~dfsg/main/json.c:230:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return str ? ast_json_utf8_check_len(str, strlen(str)) : 0;
data/asterisk-16.15.0~dfsg/main/json.c:541:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(error->text, text, sizeof(error->text));
data/asterisk-16.15.0~dfsg/main/json.c:542:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(error->source, source, sizeof(error->text));
data/asterisk-16.15.0~dfsg/main/loader.c:172:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	new_entry = ao2_alloc(sizeof(*new_entry) + strlen(name) + 1, NULL);
data/asterisk-16.15.0~dfsg/main/loader.c:197:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(resource);
data/asterisk-16.15.0~dfsg/main/loader.c:662:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		mod = ast_std_calloc(1, sizeof(*mod) + strlen(info->name) + 1);
data/asterisk-16.15.0~dfsg/main/loader.c:904:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	MD5Update(&c, key, strlen((char *)key));
data/asterisk-16.15.0~dfsg/main/loader.c:917:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen(name);
data/asterisk-16.15.0~dfsg/main/loader.c:1075:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mod = ast_calloc(1, sizeof(*mod) + strlen(resource_in) + strlen(so_ext) + 1);
data/asterisk-16.15.0~dfsg/main/loader.c:1075:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mod = ast_calloc(1, sizeof(*mod) + strlen(resource_in) + strlen(so_ext) + 1);
data/asterisk-16.15.0~dfsg/main/loader.c:1157:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t resource_in_len = strlen(resource_in);
data/asterisk-16.15.0~dfsg/main/loader.c:1363:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		.len = strlen(word),
data/asterisk-16.15.0~dfsg/main/loader.c:1364:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		.moddir_len = strlen(ast_config_AST_MODULE_DIR),
data/asterisk-16.15.0~dfsg/main/loader.c:1376:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/loader.c:1456:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		item = ast_calloc(1, sizeof(*item) + strlen(module) + 1);
data/asterisk-16.15.0~dfsg/main/loader.c:2232:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strncasecmp(v->name, "preload", strlen("preload"))) {
data/asterisk-16.15.0~dfsg/main/loader.c:2271:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				int ld = strlen(dirent->d_name);
data/asterisk-16.15.0~dfsg/main/lock.c:315:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(200);
data/asterisk-16.15.0~dfsg/main/lock.c:874:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(200);
data/asterisk-16.15.0~dfsg/main/lock.c:972:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(200);
data/asterisk-16.15.0~dfsg/main/lock.c:1057:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1);
data/asterisk-16.15.0~dfsg/main/lock.c:1139:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1);
data/asterisk-16.15.0~dfsg/main/logger.c:297:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	json_str_len = strlen(str);
data/asterisk-16.15.0~dfsg/main/logger.c:326:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strncmp(logmsg->message, VERBOSE_PREFIX_4, strlen(VERBOSE_PREFIX_4))) {
data/asterisk-16.15.0~dfsg/main/logger.c:328:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		} else if (!strncmp(logmsg->message, VERBOSE_PREFIX_3, strlen(VERBOSE_PREFIX_3))) {
data/asterisk-16.15.0~dfsg/main/logger.c:330:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		} else if (!strncmp(logmsg->message, VERBOSE_PREFIX_2, strlen(VERBOSE_PREFIX_2))) {
data/asterisk-16.15.0~dfsg/main/logger.c:332:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		} else if (!strncmp(logmsg->message, VERBOSE_PREFIX_1, strlen(VERBOSE_PREFIX_1))) {
data/asterisk-16.15.0~dfsg/main/logger.c:623:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (ast_strlen_zero(channel) || !(chan = ast_calloc(1, sizeof(*chan) + strlen(components) + 1)))
data/asterisk-16.15.0~dfsg/main/logger.c:896:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				"data1", RQ_CHAR, strlen(S_OR(args.data[0], "")),
data/asterisk-16.15.0~dfsg/main/logger.c:897:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				"data2", RQ_CHAR, strlen(S_OR(args.data[1], "")),
data/asterisk-16.15.0~dfsg/main/logger.c:898:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				"data3", RQ_CHAR, strlen(S_OR(args.data[2], "")),
data/asterisk-16.15.0~dfsg/main/logger.c:899:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				"data4", RQ_CHAR, strlen(S_OR(args.data[3], "")),
data/asterisk-16.15.0~dfsg/main/logger.c:900:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				"data5", RQ_CHAR, strlen(S_OR(args.data[4], "")),
data/asterisk-16.15.0~dfsg/main/logger.c:1500:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				|| !strncmp(a->argv[3], chan->filename, strlen(a->argv[3])))) {
data/asterisk-16.15.0~dfsg/main/logger_category.c:81:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	category = ast_calloc(1, sizeof(*category) + strlen(name) + 1);
data/asterisk-16.15.0~dfsg/main/logger_category.c:199:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/logger_category.c:216:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (!strncasecmp(category->name, argv[j], strlen(category->name))) {
data/asterisk-16.15.0~dfsg/main/manager.c:2360:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		l = strlen(a->word);
data/asterisk-16.15.0~dfsg/main/manager.c:2513:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		l = strlen(a->word);
data/asterisk-16.15.0~dfsg/main/manager.c:2632:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int incoming_len = strlen(cur->action);
data/asterisk-16.15.0~dfsg/main/manager.c:2785:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int x, l = strlen(var);
data/asterisk-16.15.0~dfsg/main/manager.c:2921:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	varlen = strlen(var_hdr);
data/asterisk-16.15.0~dfsg/main/manager.c:2960:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	curlen = strlen(src);
data/asterisk-16.15.0~dfsg/main/manager.c:3042:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(string);
data/asterisk-16.15.0~dfsg/main/manager.c:3537:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			MD5Update(&md5, (unsigned char *) s->session->challenge, strlen(s->session->challenge));
data/asterisk-16.15.0~dfsg/main/manager.c:3538:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			MD5Update(&md5, (unsigned char *) user->secret, strlen(user->secret));
data/asterisk-16.15.0~dfsg/main/manager.c:3745:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf = ast_alloca(2 * strlen(str) + 1);
data/asterisk-16.15.0~dfsg/main/manager.c:3873:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char copy[strlen(options) + 1];
data/asterisk-16.15.0~dfsg/main/manager.c:4522:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	regex_string = ast_str_create(strlen(name_or_regex));
data/asterisk-16.15.0~dfsg/main/manager.c:4637:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (varname[strlen(varname) - 1] == ')') {
data/asterisk-16.15.0~dfsg/main/manager.c:4704:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (vars[i][strlen(vars[i]) - 1] == ')') {
data/asterisk-16.15.0~dfsg/main/manager.c:4899:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(body) + 1, AST_FRAME_READ_ACTION_SEND_TEXT);
data/asterisk-16.15.0~dfsg/main/manager.c:5341:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (read(fd, buf, len) < 0) {
data/asterisk-16.15.0~dfsg/main/manager.c:5553:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		chan = ast_channel_get_by_name_prefix(pchannel, strlen(pchannel));
data/asterisk-16.15.0~dfsg/main/manager.c:5761:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((assignedids.uniqueid && AST_MAX_PUBLIC_UNIQUEID < strlen(assignedids.uniqueid))
data/asterisk-16.15.0~dfsg/main/manager.c:5762:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		|| (assignedids.uniqueid2 && AST_MAX_PUBLIC_UNIQUEID < strlen(assignedids.uniqueid2))) {
data/asterisk-16.15.0~dfsg/main/manager.c:6264:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncasecmp("UserEvent:", m->headers[x], strlen("UserEvent:")) &&
data/asterisk-16.15.0~dfsg/main/manager.c:6265:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncasecmp("Action:", m->headers[x], strlen("Action:"))) {
data/asterisk-16.15.0~dfsg/main/manager.c:6488:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cut = filename + strlen(filename);
data/asterisk-16.15.0~dfsg/main/manager.c:6490:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	snprintf(cut, (sizeof(filename) - strlen(filename)) - 1, ".so");
data/asterisk-16.15.0~dfsg/main/manager.c:6516:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!loadtype || strlen(loadtype) == 0) {
data/asterisk-16.15.0~dfsg/main/manager.c:6519:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((!module || strlen(module) == 0) && strcasecmp(loadtype, "reload") != 0) {
data/asterisk-16.15.0~dfsg/main/manager.c:7075:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	struct eventqent *tmp = ast_malloc(sizeof(*tmp) + strlen(str));
data/asterisk-16.15.0~dfsg/main/manager.c:8236:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncasecmp(d.response, resp_hash, strlen(resp_hash))) {
data/asterisk-16.15.0~dfsg/main/manager.c:8862:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length = strlen(a->word);
data/asterisk-16.15.0~dfsg/main/media_cache.c:521:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/media_index.c:64:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t str_sz = strlen(variant_str) + 1;
data/asterisk-16.15.0~dfsg/main/media_index.c:113:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t name_sz = strlen(name) + 1;
data/asterisk-16.15.0~dfsg/main/media_index.c:164:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t base_dir_sz = strlen(base_dir) + 1;
data/asterisk-16.15.0~dfsg/main/media_index.c:422:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(buf) == sizeof(buf) - 1 && buf[sizeof(buf) - 1] != '\n') {
data/asterisk-16.15.0~dfsg/main/media_index.c:425:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(buf) != sizeof(buf) - 1 || buf[sizeof(buf) - 1] == '\n') {
data/asterisk-16.15.0~dfsg/main/media_index.c:541:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	match_len = strlen(subdirs) + strlen(filename) + 2;
data/asterisk-16.15.0~dfsg/main/media_index.c:541:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	match_len = strlen(subdirs) + strlen(filename) + 2;
data/asterisk-16.15.0~dfsg/main/media_index.c:594:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t dirname_len = strlen(index->base_dir) + strlen(S_OR(variant, "")) + 1;
data/asterisk-16.15.0~dfsg/main/media_index.c:594:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t dirname_len = strlen(index->base_dir) + strlen(S_OR(variant, "")) + 1;
data/asterisk-16.15.0~dfsg/main/media_index.c:597:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		.search_filename_len = strlen(S_OR(filename, "")),
data/asterisk-16.15.0~dfsg/main/message.c:1406:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len += (strlen(attributes[i].value) + 1);
data/asterisk-16.15.0~dfsg/main/message.c:1423:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = (strlen(attributes[i].value) + 1);
data/asterisk-16.15.0~dfsg/main/named_acl.c:494:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length = strlen(a->word);
data/asterisk-16.15.0~dfsg/main/named_locks.c:75:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int keylen = strlen(keyspace) + strlen(key) + 2;
data/asterisk-16.15.0~dfsg/main/named_locks.c:75:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int keylen = strlen(keyspace) + strlen(key) + 2;
data/asterisk-16.15.0~dfsg/main/optional_api.c:97:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t size = sizeof(*user) + strlen(module) + 1;
data/asterisk-16.15.0~dfsg/main/optional_api.c:138:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	api = ast_calloc(1, sizeof(*api) + strlen(symname) + 1);
data/asterisk-16.15.0~dfsg/main/pbx.c:440:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(left->hintdevice, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/main/pbx.c:493:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(left->context, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/main/pbx.c:574:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		devicelength = strlen(cur);
data/asterisk-16.15.0~dfsg/main/pbx.c:842:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(500000);
data/asterisk-16.15.0~dfsg/main/pbx.c:902:6:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
					usleep(500000);
data/asterisk-16.15.0~dfsg/main/pbx.c:961:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(500000);
data/asterisk-16.15.0~dfsg/main/pbx.c:1091:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(node->x) > 1) {
data/asterisk-16.15.0~dfsg/main/pbx.c:1122:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(node->x) > 1) {
data/asterisk-16.15.0~dfsg/main/pbx.c:1463:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(m = ast_calloc(1, sizeof(*m) + strlen(pattern->buf)))) {
data/asterisk-16.15.0~dfsg/main/pbx.c:1597:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			length = strlen(node->buf);
data/asterisk-16.15.0~dfsg/main/pbx.c:1615:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			length = strlen(node->buf);
data/asterisk-16.15.0~dfsg/main/pbx.c:1671:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (sizeof(extenbuf) < strlen(e1->exten) + strlen(e1->cidmatch) + 2) {
data/asterisk-16.15.0~dfsg/main/pbx.c:1671:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (sizeof(extenbuf) < strlen(e1->exten) + strlen(e1->cidmatch) + 2) {
data/asterisk-16.15.0~dfsg/main/pbx.c:3098:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			obj = ao2_alloc_options(sizeof(*obj) + strlen(cur), device_state_info_dt, AO2_ALLOC_OPT_LOCK_NOLOCK);
data/asterisk-16.15.0~dfsg/main/pbx.c:3338:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		chan_iter = ast_channel_iterator_by_name_new(match, strlen(match));
data/asterisk-16.15.0~dfsg/main/pbx.c:3645:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	cmpdevice = ast_alloca(sizeof(*cmpdevice) + strlen(dev_state->device));
data/asterisk-16.15.0~dfsg/main/pbx.c:4438:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					pos = strlen(dst_exten);
data/asterisk-16.15.0~dfsg/main/pbx.c:5279:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/pbx.c:5337:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	extenlen = strlen(a->argv[3]);
data/asterisk-16.15.0~dfsg/main/pbx.c:5461:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/pbx.c:6202:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int length = sizeof(struct ast_context) + strlen(name) + 1;
data/asterisk-16.15.0~dfsg/main/pbx.c:6342:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t name_len = strlen(con->name) + 1;
data/asterisk-16.15.0~dfsg/main/pbx.c:6343:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t registrar_len = strlen(con->registrar) + 1;
data/asterisk-16.15.0~dfsg/main/pbx.c:6540:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			exten_len = strlen(hint->exten->exten) + 1;
data/asterisk-16.15.0~dfsg/main/pbx.c:6541:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			length = exten_len + strlen(hint->exten->parent->name) + 1
data/asterisk-16.15.0~dfsg/main/pbx.c:6560:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			saved_hint->exten = saved_hint->data + strlen(saved_hint->context) + 1;
data/asterisk-16.15.0~dfsg/main/pbx.c:7387:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length += strlen(extension) + 1;
data/asterisk-16.15.0~dfsg/main/pbx.c:7389:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length += strlen(extension) + 1 - exten_fluff;
data/asterisk-16.15.0~dfsg/main/pbx.c:7391:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length += strlen(application) + 1;
data/asterisk-16.15.0~dfsg/main/pbx.c:7393:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length += strlen(label) + 1;
data/asterisk-16.15.0~dfsg/main/pbx.c:7396:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length += strlen(callerid) + 1;
data/asterisk-16.15.0~dfsg/main/pbx.c:7398:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			length += strlen(callerid) + 1 - callerid_fluff;
data/asterisk-16.15.0~dfsg/main/pbx.c:7404:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length += strlen(registrar_file) + 1;
data/asterisk-16.15.0~dfsg/main/pbx.c:7425:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p += strlen(label) + 1;
data/asterisk-16.15.0~dfsg/main/pbx.c:7428:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p += ext_strncpy(p, extension, strlen(extension) + 1, 0);
data/asterisk-16.15.0~dfsg/main/pbx.c:7431:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p += ext_strncpy(p, extension, strlen(extension) + 1 - exten_fluff, 1);
data/asterisk-16.15.0~dfsg/main/pbx.c:7441:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p += ext_strncpy(p, callerid, strlen(callerid) + 1, 0);
data/asterisk-16.15.0~dfsg/main/pbx.c:7444:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			p += ext_strncpy(p, callerid, strlen(callerid) + 1 - callerid_fluff, 1);
data/asterisk-16.15.0~dfsg/main/pbx.c:7455:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p += strlen(registrar_file) + 1;
data/asterisk-16.15.0~dfsg/main/pbx.c:8308:2:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	sscanf(remainder, "%79s", timezone);
data/asterisk-16.15.0~dfsg/main/pbx.c:8357:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	cmpdevice = ast_alloca(sizeof(*cmpdevice) + strlen(presence_state->provider));
data/asterisk-16.15.0~dfsg/main/pbx.c:8835:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (sscanf(pri, "%30d%1s", &ipri, rest) != 1) {
data/asterisk-16.15.0~dfsg/main/pbx_app.c:120:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length = sizeof(*tmp) + strlen(app) + 1;
data/asterisk-16.15.0~dfsg/main/pbx_app.c:435:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/pbx_builtins.c:1061:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			!ast_strlen_zero(opts[0]) ? strlen(opts[0]) + 1 : 0);
data/asterisk-16.15.0~dfsg/main/pbx_builtins.c:1357:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!args.options || strlen(args.options) != 1) {
data/asterisk-16.15.0~dfsg/main/pbx_builtins.c:1447:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char *s = ast_alloca(strlen(value) + 4);
data/asterisk-16.15.0~dfsg/main/pbx_functions.c:117:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/pbx_functions.c:173:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	syntax_size = strlen(S_OR(acf->syntax, "Not Available")) + AST_TERM_MAX_ESCAPE_CHARS;
data/asterisk-16.15.0~dfsg/main/pbx_functions.c:198:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		synopsis_size = strlen(S_OR(acf->synopsis, "Not Available")) + AST_TERM_MAX_ESCAPE_CHARS;
data/asterisk-16.15.0~dfsg/main/pbx_functions.c:201:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		description_size = strlen(S_OR(acf->desc, "Not Available")) + AST_TERM_MAX_ESCAPE_CHARS;
data/asterisk-16.15.0~dfsg/main/pbx_functions.c:204:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		arguments_size = strlen(S_OR(acf->arguments, "Not Available")) + AST_TERM_MAX_ESCAPE_CHARS;
data/asterisk-16.15.0~dfsg/main/pbx_functions.c:207:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		seealso_size = strlen(S_OR(acf->seealso, "Not Available")) + AST_TERM_MAX_ESCAPE_CHARS;
data/asterisk-16.15.0~dfsg/main/pbx_functions.c:609:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	} else if (!acfptr->read && !acfptr->read2) {
data/asterisk-16.15.0~dfsg/main/pbx_functions.c:613:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	} else if (acfptr->read) {
data/asterisk-16.15.0~dfsg/main/pbx_functions.c:617:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		res = acfptr->read(chan, copy, args, workspace, len);
data/asterisk-16.15.0~dfsg/main/pbx_functions.c:652:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	} else if (!acfptr->read && !acfptr->read2) {
data/asterisk-16.15.0~dfsg/main/pbx_functions.c:680:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			res = acfptr->read(chan, copy, args, ast_str_buffer(*str), maxsize);
data/asterisk-16.15.0~dfsg/main/pbx_hangup_handler.c:152:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	h_handler = ast_malloc(sizeof(*h_handler) + 1 + strlen(expanded_handler));
data/asterisk-16.15.0~dfsg/main/pbx_ignorepat.c:55:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int length = strlen(value) + 1;
data/asterisk-16.15.0~dfsg/main/pbx_include.c:78:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int valuebufsz = strlen(value) + 1;
data/asterisk-16.15.0~dfsg/main/pbx_sw.c:78:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length += strlen(value) + 1;
data/asterisk-16.15.0~dfsg/main/pbx_sw.c:79:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length += strlen(data) + 1;
data/asterisk-16.15.0~dfsg/main/pbx_sw.c:91:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p += strlen(value) + 1;
data/asterisk-16.15.0~dfsg/main/pbx_variables.c:156:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	lr = strlen(ret); /* compute length after copy, so we never go out of the workspace */
data/asterisk-16.15.0~dfsg/main/pbx_variables.c:447:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pos = strlen(whereweare);
data/asterisk-16.15.0~dfsg/main/pbx_variables.c:666:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pos = strlen(whereweare);
data/asterisk-16.15.0~dfsg/main/pbx_variables.c:765:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				length = strlen(cp4);
data/asterisk-16.15.0~dfsg/main/pbx_variables.c:1041:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (name[strlen(name)-1] == ')') {
data/asterisk-16.15.0~dfsg/main/pbx_variables.c:1077:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (name[strlen(name) - 1] == ')') {
data/asterisk-16.15.0~dfsg/main/rtp_engine.c:335:102:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (ast_strlen_zero(engine->name) || !engine->new || !engine->destroy || !engine->write || !engine->read) {
data/asterisk-16.15.0~dfsg/main/rtp_engine.c:583:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	frame = instance->engine->read(instance, rtcp);
data/asterisk-16.15.0~dfsg/main/say.c:987:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(fna) != 0 && !ast_streamfile(chan, fna, language)) {
data/asterisk-16.15.0~dfsg/main/say.c:994:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
				strcpy(fna, "");
data/asterisk-16.15.0~dfsg/main/say.c:2013:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buffer += strlen(str);
data/asterisk-16.15.0~dfsg/main/say.c:2500:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (last_length - strlen(buf) > 1 && last_length != 0) {
data/asterisk-16.15.0~dfsg/main/say.c:2501:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					last_length = strlen(buf);
data/asterisk-16.15.0~dfsg/main/say.c:2509:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (last_length - strlen(buf) > 1 && last_length != 0) {
data/asterisk-16.15.0~dfsg/main/say.c:2510:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					last_length = strlen(buf);
data/asterisk-16.15.0~dfsg/main/say.c:2514:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				last_length = strlen(buf);
data/asterisk-16.15.0~dfsg/main/say.c:2520:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (last_length - strlen(buf) > 1 && last_length != 0) {
data/asterisk-16.15.0~dfsg/main/say.c:2521:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						last_length = strlen(buf);
data/asterisk-16.15.0~dfsg/main/say.c:2528:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					ast_debug(1, "Number '%d' %d %d\n", num, (int)strlen(buf), last_length);
data/asterisk-16.15.0~dfsg/main/say.c:2529:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					last_length = strlen(buf);
data/asterisk-16.15.0~dfsg/main/say.c:2536:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					ast_debug(1, "Number '%d' %d %d\n", num, (int)strlen(buf), last_length);
data/asterisk-16.15.0~dfsg/main/say.c:2537:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					last_length = strlen(buf);
data/asterisk-16.15.0~dfsg/main/say.c:2544:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						ast_debug(1, "Number '%d' %d %d\n", num, (int)strlen(buf), last_length);
data/asterisk-16.15.0~dfsg/main/say.c:2546:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						last_length = strlen(buf);
data/asterisk-16.15.0~dfsg/main/say.c:2554:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						ast_debug(1, "Number '%d' %d %d\n", num, (int)strlen(buf), last_length);
data/asterisk-16.15.0~dfsg/main/say.c:2555:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						last_length = strlen(buf);
data/asterisk-16.15.0~dfsg/main/say.c:2684:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (options && strlen(options) == 1 && num < 3) {
data/asterisk-16.15.0~dfsg/main/say.c:3198:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(fna) != 0 && !ast_streamfile(chan, fna, language)) {
data/asterisk-16.15.0~dfsg/main/say.c:3206:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
				strcpy(fna, "");
data/asterisk-16.15.0~dfsg/main/say.c:3361:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(fna) != 0 && !ast_streamfile(chan, fna, language)) {
data/asterisk-16.15.0~dfsg/main/say.c:3369:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
				strcpy(fna, "");
data/asterisk-16.15.0~dfsg/main/say.c:3625:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(fna) != 0 && !ast_streamfile(chan, fna, language)) {
data/asterisk-16.15.0~dfsg/main/say.c:3633:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
				strcpy(fna, "");
data/asterisk-16.15.0~dfsg/main/say.c:9022:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(res, "minus ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9022:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(res, "minus ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9034:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(res, buf, res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9034:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(res, buf, res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9040:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(res, "20_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9040:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(res, "20_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9045:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(res, "40_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9045:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(res, "40_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9050:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(res, "60_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9050:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(res, "60_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9055:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(res, "80_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9055:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(res, "80_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9066:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(res, buf, res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9066:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(res, buf, res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9070:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(res, buf, res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9070:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(res, buf, res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9077:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(res, "1000", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9077:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(res, "1000", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9088:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(res, " 1000", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9088:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(res, " 1000", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9093:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(res, "1000_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9093:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(res, "1000_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9098:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(res, " 1000_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9098:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(res, " 1000_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9104:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(res, "1 1000000", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9104:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(res, "1 1000000", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9115:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(res, " 1000000", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9115:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(res, " 1000000", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9120:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(res, " 1000000_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9120:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(res, " 1000000_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9126:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(res, "1 1000000000", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9126:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(res, "1 1000000000", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9137:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(res, " 1000000000", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9137:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(res, " 1000000000", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9142:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(res, " 1000000000_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9142:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(res, " 1000000000_ ", res_len - strlen(res) - 1);
data/asterisk-16.15.0~dfsg/main/say.c:9171:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char* new_string = ast_malloc(len + 1 + strlen("digits/"));
data/asterisk-16.15.0~dfsg/main/say.c:9174:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(new_string, remaining, len);  /* we can't sprintf() it, it's not null-terminated. */
data/asterisk-16.15.0~dfsg/main/say.c:9198:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char* new_string = ast_malloc(strlen(remaining) + 1 + strlen("digits/"));
data/asterisk-16.15.0~dfsg/main/say.c:9198:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char* new_string = ast_malloc(strlen(remaining) + 1 + strlen("digits/"));
data/asterisk-16.15.0~dfsg/main/say.c:9432:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	temp = ast_alloca((temp_len = (strlen(noun) + strlen(ending) + 1)));
data/asterisk-16.15.0~dfsg/main/say.c:9432:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	temp = ast_alloca((temp_len = (strlen(noun) + strlen(ending) + 1)));
data/asterisk-16.15.0~dfsg/main/say.c:9474:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	temp = ast_alloca((temp_len = (strlen(adjective) + strlen(ending) + 1)));
data/asterisk-16.15.0~dfsg/main/say.c:9474:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	temp = ast_alloca((temp_len = (strlen(adjective) + strlen(ending) + 1)));
data/asterisk-16.15.0~dfsg/main/serializer.c:85:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pool = ast_malloc(sizeof(*pool) + strlen(name) + 1);
data/asterisk-16.15.0~dfsg/main/sorcery.c:614:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	proxy = ao2_t_weakproxy_alloc(sizeof(*proxy) + strlen(module_name) + 1, NULL, module_name);
data/asterisk-16.15.0~dfsg/main/sorcery.c:877:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		+ (ast_strlen_zero(wizard_args) ? 0 : strlen(wizard_args) + 1),
data/asterisk-16.15.0~dfsg/main/sorcery.c:2433:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(ast_sorcery_object_get_id(object_left), right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/main/sounds.c:224:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length = strlen(a->word);
data/asterisk-16.15.0~dfsg/main/srv.c:100:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(entry = ast_calloc(1, sizeof(*entry) + strlen(repl))))
data/asterisk-16.15.0~dfsg/main/stasis.c:477:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	statistics = ao2_alloc(sizeof(*statistics) + strlen(topic->name) + 1, topic_statistics_destroy);
data/asterisk-16.15.0~dfsg/main/stasis.c:503:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!topic || !name || !strlen(name) || !detail) {
data/asterisk-16.15.0~dfsg/main/stasis.c:518:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	detail_len = strlen(detail) + 1;
data/asterisk-16.15.0~dfsg/main/stasis.c:521:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sizeof(*proxy) + strlen(name) + 1 + detail_len, NULL, name);
data/asterisk-16.15.0~dfsg/main/stasis.c:530:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	proxy->detail = proxy->name + strlen(name) + 1;
data/asterisk-16.15.0~dfsg/main/stasis.c:572:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!name|| !strlen(name) || !detail) {
data/asterisk-16.15.0~dfsg/main/stasis.c:830:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	statistics = ao2_alloc(sizeof(*statistics) + strlen(sub->uniqueid) + 1, subscription_statistics_destroy);
data/asterisk-16.15.0~dfsg/main/stasis.c:1625:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t description_len = strlen(description) + 1;
data/asterisk-16.15.0~dfsg/main/stasis.c:1626:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t uniqueid_len = strlen(uniqueid) + 1;
data/asterisk-16.15.0~dfsg/main/stasis.c:1724:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	topic_pool_entry = ao2_alloc_options(sizeof(*topic_pool_entry) + strlen(topic_name) + 1,
data/asterisk-16.15.0~dfsg/main/stasis.c:1747:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_alloca(strlen(stasis_topic_name(pool->pool_topic)) + strlen("-pool") + 1);
data/asterisk-16.15.0~dfsg/main/stasis.c:1747:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_alloca(strlen(stasis_topic_name(pool->pool_topic)) + strlen("-pool") + 1);
data/asterisk-16.15.0~dfsg/main/stasis.c:1848:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_alloca(strlen(stasis_topic_name(pooled_topic)) + strlen("-pool") + 1);
data/asterisk-16.15.0~dfsg/main/stasis.c:1848:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_alloca(strlen(stasis_topic_name(pooled_topic)) + strlen("-pool") + 1);
data/asterisk-16.15.0~dfsg/main/stasis.c:1868:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int pool_topic_name_len = strlen(pool_topic_name);
data/asterisk-16.15.0~dfsg/main/stasis.c:2391:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/stasis.c:2555:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/stasis.c:2750:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/stasis_channels.c:210:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncasecmp(object_left->name, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/main/stasis_channels.c:560:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncasecmp(object_left->role, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/main/stasis_channels.c:675:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int role_len = strlen(role) + 1;
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:378:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((res = read(inotify_fd, iev, real_sizeof_iev)) < sizeof(*iev) && res > 0) {
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:886:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((strlen(p) + strlen(name) + 1) >= sizeof fullname)
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:886:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((strlen(p) + strlen(name) + 1) >= sizeof fullname)
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:889:11:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			(void) strcat(fullname, "/");
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:911:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	nread = read(fid, u.buf, sizeof u.buf);
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:1401:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		stdlen = strlen(name);	/* length of standard zone name */
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:1572:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	(void) strncpy(cp, stdname, stdlen);
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:1576:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		(void) strncpy(cp, dstname, dstlen);
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:2406:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if ((cur = ast_calloc(1, sizeof(*cur) + strlen(name) + 1))) {
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:2435:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((cur = ast_calloc(1, sizeof(*cur) + strlen(locale) + 1))) {
data/asterisk-16.15.0~dfsg/main/stdtime/localtime.c:2454:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t fmtlen = strlen(tmp) + 1;
data/asterisk-16.15.0~dfsg/main/strcompat.c:79:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buflen = strlen(name) + strlen(value) + 2;
data/asterisk-16.15.0~dfsg/main/strcompat.c:79:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buflen = strlen(name) + strlen(value) + 2;
data/asterisk-16.15.0~dfsg/main/strcompat.c:114:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int u1len = strlen(haystack) + 1, u2len = strlen(needle) + 1;
data/asterisk-16.15.0~dfsg/main/strcompat.c:114:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int u1len = strlen(haystack) + 1, u2len = strlen(needle) + 1;
data/asterisk-16.15.0~dfsg/main/strcompat.c:533:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(path);
data/asterisk-16.15.0~dfsg/main/stream.c:109:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t name_len = MAX(strlen(S_OR(name, "")), MIN_STREAM_NAME_LEN); /* Ensure there is enough room for 'removed' or a type-position */
data/asterisk-16.15.0~dfsg/main/stream.c:141:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	name_len = MAX(strlen(S_OR(stream_name, "")), MIN_STREAM_NAME_LEN); /* Ensure there is enough room for 'removed' or a type-position */
data/asterisk-16.15.0~dfsg/main/strings.c:181:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		return strncmp(lhs, rhs, strlen(rhs));
data/asterisk-16.15.0~dfsg/main/strings.c:192:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(lhs, rhs, strlen(rhs));
data/asterisk-16.15.0~dfsg/main/strings.c:211:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ao2_add = ao2_alloc_options(strlen(add) + 1, NULL, AO2_ALLOC_OPT_LOCK_NOLOCK);
data/asterisk-16.15.0~dfsg/main/strings.c:265:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(right) >= 2 && right[0] == '/' && right[strlen(right) - 1] == '/') {
data/asterisk-16.15.0~dfsg/main/strings.c:265:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(right) >= 2 && right[0] == '/' && right[strlen(right) - 1] == '/') {
data/asterisk-16.15.0~dfsg/main/strings.c:270:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			internal_right[strlen(internal_right) - 1] = '\0';
data/asterisk-16.15.0~dfsg/main/stun.c:205:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int str_length = strlen(s);
data/asterisk-16.15.0~dfsg/main/taskprocessor.c:385:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tklen = strlen(a->word);
data/asterisk-16.15.0~dfsg/main/taskprocessor.c:504:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncasecmp(tps_left->name, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/main/taskprocessor.c:556:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	word_len = strlen(like);
data/asterisk-16.15.0~dfsg/main/taskprocessor.c:672:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	alert = ast_malloc(sizeof(*alert) + strlen(subsystem) + 1);
data/asterisk-16.15.0~dfsg/main/taskprocessor.c:718:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	alert_copy = ast_malloc(sizeof(*alert_copy) + strlen(alert->subsystem) + 1);
data/asterisk-16.15.0~dfsg/main/taskprocessor.c:990:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	name_length = strlen(name);
data/asterisk-16.15.0~dfsg/main/taskprocessor.c:1287:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int final_size = strlen(name) + SEQ_STR_SIZE;
data/asterisk-16.15.0~dfsg/main/tcptls.c:95:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen((char *) str) != ret) {
data/asterisk-16.15.0~dfsg/main/tcptls.c:297:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1);
data/asterisk-16.15.0~dfsg/main/tcptls.c:312:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1);
data/asterisk-16.15.0~dfsg/main/tcptls.c:498:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size_t certfile_len = strlen(cfg->certfile);
data/asterisk-16.15.0~dfsg/main/term.c:124:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		int actsize = read(termfd, buffer, sizeof(buffer) - 1);
data/asterisk-16.15.0~dfsg/main/term.c:337:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(line);
data/asterisk-16.15.0~dfsg/main/test.c:306:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	struct ast_str *category = ast_str_create(strlen(test->info.category) + 32);
data/asterisk-16.15.0~dfsg/main/test.c:327:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t name_length = strlen(test->info.name) + 2;
data/asterisk-16.15.0~dfsg/main/test.c:651:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len1 = strlen(cat1);
data/asterisk-16.15.0~dfsg/main/test.c:652:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len2 = strlen(cat2);
data/asterisk-16.15.0~dfsg/main/test.c:706:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (test->info.category[0] != '/' || test->info.category[strlen(test->info.category) - 1] != '/') {
data/asterisk-16.15.0~dfsg/main/test.c:721:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (test->info.summary[strlen(test->info.summary) - 1] == '\n') {
data/asterisk-16.15.0~dfsg/main/test.c:736:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (test->info.description[strlen(test->info.description) - 1] == '\n') {
data/asterisk-16.15.0~dfsg/main/test.c:757:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/test.c:775:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/threadpool.c:939:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fullname = ast_alloca(strlen(name) + strlen("/pool") + 1);
data/asterisk-16.15.0~dfsg/main/threadpool.c:939:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fullname = ast_alloca(strlen(name) + strlen("/pool") + 1);
data/asterisk-16.15.0~dfsg/main/translate.c:942:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/main/translate.c:997:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		curlen = strlen(codec->name);
data/asterisk-16.15.0~dfsg/main/translate.c:1038:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				curlen = strlen(col->name);
data/asterisk-16.15.0~dfsg/main/uri.c:93:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		scheme, scheme ? strlen(scheme) + 1 : 0,
data/asterisk-16.15.0~dfsg/main/uri.c:94:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		user_info, user_info ? strlen(user_info) + 1 : 0,
data/asterisk-16.15.0~dfsg/main/uri.c:95:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		host, host ? strlen(host) + 1 : 0,
data/asterisk-16.15.0~dfsg/main/uri.c:96:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		port, port ? strlen(port) + 1 : 0,
data/asterisk-16.15.0~dfsg/main/uri.c:97:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		path, path ? strlen(path) + 1 : 0,
data/asterisk-16.15.0~dfsg/main/uri.c:98:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		query, query ? strlen(query) + 1 : 0);
data/asterisk-16.15.0~dfsg/main/uri.c:148:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*(uri->scheme + strlen(uri->scheme) - 1) == 's';
data/asterisk-16.15.0~dfsg/main/uri.c:231:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_query = strlen(query) + 1;
data/asterisk-16.15.0~dfsg/main/uri.c:233:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p = uri + strlen(uri);
data/asterisk-16.15.0~dfsg/main/uri.c:257:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(scheme);
data/asterisk-16.15.0~dfsg/main/uri.c:263:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char *with_scheme = ast_malloc(len + strlen(uri) + 4);
data/asterisk-16.15.0~dfsg/main/uri.c:303:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(ast_uri_host(uri)) : 0;
data/asterisk-16.15.0~dfsg/main/uri.c:306:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(ast_uri_port(uri)) + 1 : 0;
data/asterisk-16.15.0~dfsg/main/utf8.c:261:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_test_validate(test, ast_utf8_is_validn("Asterisk" "\xff", strlen("Asterisk")));
data/asterisk-16.15.0~dfsg/main/utf8.c:262:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_test_validate(test, ast_utf8_is_validn("\xce\xbb" "\xff", strlen("\xce\xbb")));
data/asterisk-16.15.0~dfsg/main/utf8.c:263:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_test_validate(test, ast_utf8_is_validn("\xe2\x8a\x9b" "\xff", strlen("\xe2\x8a\x9b")));
data/asterisk-16.15.0~dfsg/main/utf8.c:264:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_test_validate(test, ast_utf8_is_validn("\xf0\x9f\x93\x9e" "\xff", strlen("\xf0\x9f\x93\x9e")));
data/asterisk-16.15.0~dfsg/main/utils.c:120:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			nbytes += (strlen(*p)+1); /* aliases */
data/asterisk-16.15.0~dfsg/main/utils.c:165:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			pbuf += strlen(*p); /* advance pbuf */
data/asterisk-16.15.0~dfsg/main/utils.c:172:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pbuf += strlen(ph->h_name); /* advance pbuf */
data/asterisk-16.15.0~dfsg/main/utils.c:249:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	MD5Update(&md5, (const unsigned char *) input, strlen(input));
data/asterisk-16.15.0~dfsg/main/utils.c:266:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SHA1Input(&sha, (const unsigned char *) input, strlen(input));
data/asterisk-16.15.0~dfsg/main/utils.c:281:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        SHA1Input(&sha, (const unsigned char *) input, strlen(input));
data/asterisk-16.15.0~dfsg/main/utils.c:325:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	encoded_len = strlen(src);
data/asterisk-16.15.0~dfsg/main/utils.c:412:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	encoded_len = ((strlen(src) * 4 / 3 + 3) & ~3) + 1;
data/asterisk-16.15.0~dfsg/main/utils.c:415:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_base64encode(encoded_string, (const unsigned char *)src, strlen(src), encoded_len);
data/asterisk-16.15.0~dfsg/main/utils.c:571:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int quote_str_len = strlen(quote_str);
data/asterisk-16.15.0~dfsg/main/utils.c:635:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_assert(len == strlen(entity));
data/asterisk-16.15.0~dfsg/main/utils.c:1517:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		e = s + strlen(s) - 1;
data/asterisk-16.15.0~dfsg/main/utils.c:1594:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(e - 1, e, strlen(e) + 1);
data/asterisk-16.15.0~dfsg/main/utils.c:1751:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	*size = strlen(s) * 2 + 1;
data/asterisk-16.15.0~dfsg/main/utils.c:1804:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int regex_len = strlen(regex_string);
data/asterisk-16.15.0~dfsg/main/utils.c:1940:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		int read_res = read(dev_urandom_fd, &res, sizeof(res));
data/asterisk-16.15.0~dfsg/main/utils.c:2029:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size = strlen(front);
data/asterisk-16.15.0~dfsg/main/utils.c:2105:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(path), count = 0, x, piececount = 0;
data/asterisk-16.15.0~dfsg/main/utils.c:2128:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(fullpath, "/");
data/asterisk-16.15.0~dfsg/main/utils.c:2294:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncasecmp(c, "Digest ", strlen("Digest "))) {
data/asterisk-16.15.0~dfsg/main/utils.c:2299:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	c += strlen("Digest ");
data/asterisk-16.15.0~dfsg/main/utils.c:2307:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strncasecmp(c, i->key, strlen(i->key)) != 0) {
data/asterisk-16.15.0~dfsg/main/utils.c:2312:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			c += strlen(i->key);
data/asterisk-16.15.0~dfsg/main/utils.c:2454:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(1);
data/asterisk-16.15.0~dfsg/main/xmldoc.c:128:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	postbrlen = strlen(postbr);
data/asterisk-16.15.0~dfsg/main/xmldoc.c:188:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tmp = ast_str_create(strlen(text) * 3);
data/asterisk-16.15.0~dfsg/main/xmldoc.c:201:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	textlen = strlen(text);
data/asterisk-16.15.0~dfsg/main/xmldoc.c:255:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	bwinputlen = strlen(bwinput);
data/asterisk-16.15.0~dfsg/main/xmldoc.c:272:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strncasecmp(bwinput + i, colorized_tags[c].inittag, strlen(colorized_tags[c].inittag))) {
data/asterisk-16.15.0~dfsg/main/xmldoc.c:276:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!(tmp = strcasestr(bwinput + i + strlen(colorized_tags[c].inittag), colorized_tags[c].endtag))) {
data/asterisk-16.15.0~dfsg/main/xmldoc.c:280:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = tmp - (bwinput + i + strlen(colorized_tags[c].inittag));
data/asterisk-16.15.0~dfsg/main/xmldoc.c:303:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ast_copy_string(buf, bwinput + i + strlen(colorized_tags[c].inittag), sizeof(buf));
data/asterisk-16.15.0~dfsg/main/xmldoc.c:324:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			i += len + strlen(colorized_tags[c].endtag) + strlen(colorized_tags[c].inittag) - 1;
data/asterisk-16.15.0~dfsg/main/xmldoc.c:324:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			i += len + strlen(colorized_tags[c].endtag) + strlen(colorized_tags[c].inittag) - 1;
data/asterisk-16.15.0~dfsg/main/xmldoc.c:371:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	textlen = strlen(text);
data/asterisk-16.15.0~dfsg/main/xmldoc.c:532:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tmpfmtlen = strlen(tmpfmt);
data/asterisk-16.15.0~dfsg/main/xmldoc.c:2918:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	xmlpattern_maxlen = strlen(ast_config_AST_DATA_DIR) + strlen("/documentation/thirdparty") + strlen("/*-??_??.xml") + 1;
data/asterisk-16.15.0~dfsg/main/xmldoc.c:2918:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	xmlpattern_maxlen = strlen(ast_config_AST_DATA_DIR) + strlen("/documentation/thirdparty") + strlen("/*-??_??.xml") + 1;
data/asterisk-16.15.0~dfsg/main/xmldoc.c:2918:94:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	xmlpattern_maxlen = strlen(ast_config_AST_DATA_DIR) + strlen("/documentation/thirdparty") + strlen("/*-??_??.xml") + 1;
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:846:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(dep_file->name, name, sizeof(dep_file->name) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1359:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncasecmp(buf, "MENUSELECT_", strlen("MENUSELECT_")))
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1362:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strncasecmp(buf, "MENUSELECT_DEPENDS_", strlen("MENUSELECT_DEPENDS_")))
data/asterisk-16.15.0~dfsg/menuselect/menuselect.c:1365:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strncasecmp(buf, "MENUSELECT_BUILD_DEPS", strlen("MENUSELECT_BUILD_DEPS")))
data/asterisk-16.15.0~dfsg/menuselect/menuselect.h:175:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t __len = strlen(__old) + 1;                         \
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:231:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((strlen(buf) + strlen(word) + 1) > maxlen) {
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:231:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((strlen(buf) + strlen(word) + 1) > maxlen) {
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:238:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sprintf(buf + strlen(buf), "%*.*s%s", new_line ? 0 : 1, new_line ? 0 : 1, " ", word);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:241:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(buf)) {
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:250:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buf, dep->displayname, sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:250:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, dep->displayname, sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:251:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buf, dep->member ? "(M)" : "(E)", sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:251:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, dep->member ? "(M)" : "(E)", sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:253:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
				strncat(buf, ", ", sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:253:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(buf, ", ", sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:261:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buf, use->displayname, sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:261:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, use->displayname, sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:262:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buf, use->member ? "(M)" : "(E)", sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:262:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, use->member ? "(M)" : "(E)", sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:264:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
				strncat(buf, ", ", sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:264:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(buf, ", ", sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:272:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buf, con->displayname, sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:272:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, con->displayname, sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:273:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buf, con->member ? "(M)" : "(E)", sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:273:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, con->member ? "(M)" : "(E)", sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:275:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
				strncat(buf, ", ", sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:275:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(buf, ", ", sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:287:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(buf, buf2, sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:287:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(buf, buf2, sizeof(buf) - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:499:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char titlebar[strlen(menu_name) + 9];
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:504:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wmove(title, 1, (max_x / 2) - (strlen(titlebar) / 2));
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:506:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wmove(title, 2, (max_x / 2) - (strlen(menu_name) / 2));
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:508:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wmove(title, 3, (max_x / 2) - (strlen(titlebar) / 2));
data/asterisk-16.15.0~dfsg/menuselect/menuselect_curses.c:1068:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(alien_sleeptime);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:135:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mem_num_str = alloca(strlen(path)) + 1;
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:305:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(dep_buf, dep->displayname, sizeof(dep_buf) - strlen(dep_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:305:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(dep_buf, dep->displayname, sizeof(dep_buf) - strlen(dep_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:306:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(dep_buf, dep->member ? "(M)" : "(E)", sizeof(dep_buf) - strlen(dep_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:306:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(dep_buf, dep->member ? "(M)" : "(E)", sizeof(dep_buf) - strlen(dep_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:308:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
					strncat(dep_buf, ", ", sizeof(dep_buf) - strlen(dep_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:308:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strncat(dep_buf, ", ", sizeof(dep_buf) - strlen(dep_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:311:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(use_buf, use->displayname, sizeof(use_buf) - strlen(use_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:311:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(use_buf, use->displayname, sizeof(use_buf) - strlen(use_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:313:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
					strncat(use_buf, ", ", sizeof(use_buf) - strlen(use_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:313:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strncat(use_buf, ", ", sizeof(use_buf) - strlen(use_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:316:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(cnf_buf, cnf->displayname, sizeof(cnf_buf) - strlen(cnf_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:316:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(cnf_buf, cnf->displayname, sizeof(cnf_buf) - strlen(cnf_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:317:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(cnf_buf, cnf->member ? "(M)" : "(E)", sizeof(cnf_buf) - strlen(cnf_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:317:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(cnf_buf, cnf->member ? "(M)" : "(E)", sizeof(cnf_buf) - strlen(cnf_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:319:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
					strncat(cnf_buf, ", ", sizeof(cnf_buf) - strlen(cnf_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:319:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					strncat(cnf_buf, ", ", sizeof(cnf_buf) - strlen(cnf_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:328:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
				strncat(name_buf, " (Failed Deps.)", sizeof(name_buf) - strlen(name_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:328:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(name_buf, " (Failed Deps.)", sizeof(name_buf) - strlen(name_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:330:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
				strncat(name_buf, " (In Conflict)", sizeof(name_buf) - strlen(name_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_gtk.c:330:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(name_buf, " (In Conflict)", sizeof(name_buf) - strlen(name_buf) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:131:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(buffer, "");
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:133:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buffer, dep->displayname, sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:133:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buffer, dep->displayname, sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:134:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buffer, dep->member ? "(M)" : "(E)", sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:134:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buffer, dep->member ? "(M)" : "(E)", sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:136:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
				strncat(buffer, ", ", sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:136:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(buffer, ", ", sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:148:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(buffer, "");
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:150:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buffer, uses->displayname, sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:150:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buffer, uses->displayname, sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:151:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buffer, uses->member ? "(M)" : "(E)", sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:151:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buffer, uses->member ? "(M)" : "(E)", sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:153:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
				strncat(buffer, ", ", sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:153:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(buffer, ", ", sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:165:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(buffer, "");
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:167:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buffer, con->displayname, sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:167:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buffer, con->displayname, sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:168:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buffer, con->member ? "(M)" : "(E)", sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:168:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buffer, con->member ? "(M)" : "(E)", sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:170:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
				strncat(buffer, ", ", sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:170:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(buffer, ", ", sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:180:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buffer, buf2, sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/menuselect_newt.c:180:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buffer, buf2, sizeof(buffer) - strlen(buffer) - 1);
data/asterisk-16.15.0~dfsg/menuselect/strcompat.c:68:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buflen = strlen(name) + strlen(value) + 2;
data/asterisk-16.15.0~dfsg/menuselect/strcompat.c:68:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buflen = strlen(name) + strlen(value) + 2;
data/asterisk-16.15.0~dfsg/menuselect/strcompat.c:105:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int u1len = strlen(haystack) + 1, u2len = strlen(needle) + 1;
data/asterisk-16.15.0~dfsg/menuselect/strcompat.c:105:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int u1len = strlen(haystack) + 1, u2len = strlen(needle) + 1;
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:113:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(buf, "");
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:116:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "TTLEXPIRED|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:116:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "TTLEXPIRED|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:119:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "DONTASK|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:119:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "DONTASK|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:122:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "UNAFFECTED|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:122:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "UNAFFECTED|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:127:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf[strlen(buf)-1] = '\0';
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:228:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
		strncpy(buf, "None", bufsiz - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:231:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
		strncpy(buf, "IAX", bufsiz - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:234:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
		strncpy(buf, "SIP", bufsiz - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:237:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
		strncpy(buf, "H.323", bufsiz - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:248:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(buf, "");
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:251:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "EXISTS|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:251:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "EXISTS|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:254:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "MATCHMORE|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:254:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "MATCHMORE|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:257:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "CANMATCH|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:257:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "CANMATCH|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:260:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "IGNOREPAT|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:260:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "IGNOREPAT|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:263:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "RESIDENCE|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:263:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "RESIDENCE|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:266:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "COMMERCIAL|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:266:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "COMMERCIAL|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:269:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "MOBILE", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:269:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "MOBILE", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:272:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "NOUNSLCTD|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:272:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "NOUNSLCTD|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:275:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		strncat(buf, "NOCOMUNSLTD|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:275:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(buf, "NOCOMUNSLTD|", bufsiz - strlen(buf) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:280:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf[strlen(buf)-1] = '\0';
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:336:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(output + strlen(output), maxlen - strlen(output) - 1, "%02hhx ", u[x]);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:336:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(output + strlen(output), maxlen - strlen(output) - 1, "%02hhx ", u[x]);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:338:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
	strncat(output + strlen(output), "]", maxlen - strlen(output) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:338:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat(output + strlen(output), "]", maxlen - strlen(output) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:338:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat(output + strlen(output), "]", maxlen - strlen(output) - 1);
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:502:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int datalen = data ? strlen(data) + 1 : 1;
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:521:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int datalen = data ? strlen(data) + 2 : 2;
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:562:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int datalen = data ? strlen(data) + 11 : 11;
data/asterisk-16.15.0~dfsg/pbx/dundi-parser.c:607:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return dundi_ie_append_raw(ied, ie, str, strlen(str));
data/asterisk-16.15.0~dfsg/pbx/pbx_ael.c:159:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		rfilename = ast_alloca(strlen(config) + strlen(ast_config_AST_CONFIG_DIR) + 2);
data/asterisk-16.15.0~dfsg/pbx/pbx_ael.c:159:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		rfilename = ast_alloca(strlen(config) + strlen(ast_config_AST_CONFIG_DIR) + 2);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:293:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(a->word); /* how many bytes to match */
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:472:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((!strlen(exten)) || (!(strlen(context)))) {
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:472:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((!strlen(exten)) || (!(strlen(context)))) {
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:566:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		le = strlen(exten);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:567:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		lc = strlen(context);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:568:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		lcid = cid ? strlen(cid) : -1;
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:624:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		le = strlen(exten);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:625:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		lc = strlen(context);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:626:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(a->word);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:749:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(a->word);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:777:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strlen(context) || strcmp(into, "into")) {
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:856:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			slash = (*(a->argv[2] + strlen(a->argv[2]) -1) == '/') ? "/" : "";
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:907:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int escaped_len = 2 * strlen(v->value) + 1;
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:972:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					int escaped_len = (!ast_strlen_zero(appdata)) ? 2 * strlen(appdata) + 1 : 1;
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:982:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (el && (snprintf(label, sizeof(label), "(%s)", el) != (strlen(el) + 2))) {
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1280:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(a->word);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1314:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int len = strlen(a->word);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1402:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int len = strlen(a->word);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1495:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int len = strlen(a->word);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1529:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int len = strlen(a->word);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1967:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(iface);
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1968:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(add) + len < maxlen - 2) {
data/asterisk-16.15.0~dfsg/pbx/pbx_config.c:1969:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(iface)) {
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:644:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(tmp) > strlen(hmd->exten)) {
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:644:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					if (strlen(tmp) > strlen(hmd->exten)) {
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:931:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(data + strlen(data), sizeof(data) - strlen(data), "%u/%d/%d/%s/%s|",
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:931:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(data + strlen(data), sizeof(data) - strlen(data), "%u/%d/%d/%s/%s|",
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1281:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(tmp) > strlen(req->hmd->exten)) {
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1281:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(tmp) > strlen(req->hmd->exten)) {
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1566:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!(perm = ast_calloc(1, sizeof(*perm) + strlen(cur->name) + 1)))
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1576:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!(perm = ast_calloc(1, sizeof(*perm) + strlen(cur->name) + 1)))
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1644:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(peer->inkey)) {
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1800:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							if (strlen((char *)ies.hint->data) > strlen(trans->parent->hmd->exten)) {
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:1800:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							if (strlen((char *)ies.hint->data) > strlen(trans->parent->hmd->exten)) {
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2427:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(word);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:2776:95:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   } else if (!strcasecmp(a->argv[3],"begin") && !strncasecmp(srch,a->argv[4],strlen(a->argv[4]))) {
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3248:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						peer->lookups[0] = ast_malloc(strlen(trans->parent->number) + strlen(trans->parent->dcontext) + 2);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3248:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						peer->lookups[0] = ast_malloc(strlen(trans->parent->number) + strlen(trans->parent->dcontext) + 2);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3881:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(1);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3951:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int num_len = strlen(number) + 1;
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:3952:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int context_len = strlen(context) + 1;
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4058:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4116:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(1);
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4446:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(perm = ast_calloc(1, sizeof(*perm) + strlen(s) + 1)))
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4469:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(!strncasecmp(map->lcontext, value, strlen(map->lcontext)) &&
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4470:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			  (!value[strlen(map->lcontext)] ||
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4471:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			   (value[strlen(map->lcontext)] == ','))))
data/asterisk-16.15.0~dfsg/pbx/pbx_dundi.c:4502:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		} else if (!strncmp(fields[1], "${", 2) && fields[1][strlen(fields[1]) - 1] == '}') {
data/asterisk-16.15.0~dfsg/pbx/pbx_lua.c:331:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!ast_strlen_zero(name) && name[strlen(name) - 1] == ')') {
data/asterisk-16.15.0~dfsg/pbx/pbx_lua.c:573:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!ast_strlen_zero(name) && name[strlen(name) - 1] != ')') {
data/asterisk-16.15.0~dfsg/pbx/pbx_lua.c:1096:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char *path = ast_alloca(strlen(config) + strlen(ast_config_AST_CONFIG_DIR) + 2);
data/asterisk-16.15.0~dfsg/pbx/pbx_lua.c:1096:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char *path = ast_alloca(strlen(config) + strlen(ast_config_AST_CONFIG_DIR) + 2);
data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c:149:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return strlen(extenp) - strlen(extenq);
data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c:149:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return strlen(extenp) - strlen(extenq);
data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c:271:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!(ce = ao2_alloc(sizeof(*ce) + strlen(exten) + strlen(context), free_entry))) {
data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c:271:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!(ce = ao2_alloc(sizeof(*ce) + strlen(exten) + strlen(context), free_entry))) {
data/asterisk-16.15.0~dfsg/pbx/pbx_realtime.c:275:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ce->context = ce->exten + strlen(exten) + 1;
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:194:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(c - 1, c, strlen(c) + 1);
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:302:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t len = strlen(buf);
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:317:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(buf);
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:568:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char *fn = ast_alloca(strlen(qdir) + strlen(filename) + 2);
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:568:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char *fn = ast_alloca(strlen(qdir) + strlen(filename) + 2);
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:596:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!(new = ast_calloc(1, sizeof(*new) + strlen(filename) + 1))) {
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:634:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(cur = ast_calloc(1, sizeof(*cur) + strlen(filename) + 1))) {
data/asterisk-16.15.0~dfsg/pbx/pbx_spool.c:767:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				(res = read(inotify_fd, &buf, sizeof(buf))) >= sizeof(*iev)) {
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:1234:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:2651:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(yyval.pval)->u1.str = malloc(strlen((yyvsp[(1) - (5)].str))+strlen((yyvsp[(3) - (5)].str))+2);
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:2651:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(yyval.pval)->u1.str = malloc(strlen((yyvsp[(1) - (5)].str))+strlen((yyvsp[(3) - (5)].str))+2);
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:2653:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat((yyval.pval)->u1.str,"@");
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:3109:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		tot+=strlen((yyvsp[(1) - (5)].pval)->u1.str);
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:3111:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			tot+=strlen(pptr->u1.str);
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:3117:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(bufx,"(");
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:3121:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
				strcat(bufx,",");
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:3124:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(bufx,")");
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:3920:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ( strncmp(p,token_equivs1[i],strlen(token_equivs1[i])) == 0 )
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:3922:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				len+=strlen(token_equivs2[i])+2;
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:3923:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				p += strlen(token_equivs1[i])-1;
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:3935:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ( strncmp(p,token_equivs1[i],strlen(token_equivs1[i])) == 0 ) {
data/asterisk-16.15.0~dfsg/res/ael/ael.tab.c:3941:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				p += strlen(token_equivs1[i]);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1140:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1643:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(yylval->str, yytext, yyleng);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1660:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(yylval->str, yytext, yyleng);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1697:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(yylval->str, yytext, yyleng);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1714:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(yylval->str, yytext, yyleng);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1751:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(yylval->str, yytext, yyleng);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1775:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(yylval->str, yytext, yyleng);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1786:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(yylval->str, yytext, yyleng);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1818:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(yylval->str, yytext, yyleng);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1855:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(yylval->str, yytext, yyleng);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1869:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(yylval->str, yytext, yyleng);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1888:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(yylval->str, yytext, yyleng);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1906:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(yylval->str, yytext, yyleng);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1939:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(yylval->str, yytext, yyleng);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1953:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(yylval->str, yytext, yyleng);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:1978:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(fnamebuf, p1+1, p2-p1-1);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:2826:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return ael_yy_scan_bytes(yystr,strlen(yystr) ,yyscanner);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:3424:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(fnamebuf, globbuf->gl_pathv[globpos], fnamebuf_siz);
data/asterisk-16.15.0~dfsg/res/ael/ael_lex.c:3448:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(fnamebuf2, fnamebuf, fnamebuf_siz);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:708:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ( strlen(pattern)*5 >= 2000 ) /* safety valve */ {
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2018:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(ac->name)>1  && strchr(ac->name,'(') == 0 && strcmp(ac->name,is->u1.str) == 0) /* multichar option, no parens, and a match? */
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2022:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(ac->name)==1  ||  strchr(ac->name,'(')) {
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2067:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (is->u1.str && strlen(is->u1.str) > 0) /* most will match */
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2086:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if( !is->u1.str || strlen(is->u1.str) == 0 )
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2099:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(ac->name)>1  && strchr(ac->name,'(') == 0 && strcmp(ac->name,is->u1.str) == 0) /* multichar option, no parens, and a match? */
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2103:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(ac->name)==1  ||  strchr(ac->name,'(')) {
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2200:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	while (strlen(buff1) > 0 && ( buff1[strlen(buff1)-1] == '}' || buff1[strlen(buff1)-1] == ' ' || buff1[strlen(buff1)-1] == '\t'))
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2200:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	while (strlen(buff1) > 0 && ( buff1[strlen(buff1)-1] == '}' || buff1[strlen(buff1)-1] == ' ' || buff1[strlen(buff1)-1] == '\t'))
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2200:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	while (strlen(buff1) > 0 && ( buff1[strlen(buff1)-1] == '}' || buff1[strlen(buff1)-1] == ' ' || buff1[strlen(buff1)-1] == '\t'))
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2200:104:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	while (strlen(buff1) > 0 && ( buff1[strlen(buff1)-1] == '}' || buff1[strlen(buff1)-1] == ' ' || buff1[strlen(buff1)-1] == '\t'))
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2201:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buff1[strlen(buff1)-1] = 0;
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2679:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ( strspn(item->u1.str, "0123456789") == strlen(item->u1.str) ) {
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2897:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	rfilename = ast_alloca(10 + strlen(ast_config_AST_VAR_DIR));
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2956:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			p2 = malloc(strlen(prio->appargs)+5);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:2966:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			p2 = malloc(strlen(prio->appargs)+5);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3524:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(buf2,strp2+1, BUF_SIZE-strlen(strp2+1)-2);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3524:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(buf2,strp2+1, BUF_SIZE-strlen(strp2+1)-2);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3525:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
				strcat(buf2,"]");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3569:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(buf2,strp2+1, BUF_SIZE-strlen(strp2+1)-2);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3569:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strncat(buf2,strp2+1, BUF_SIZE-strlen(strp2+1)-2);
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3570:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
				strcat(buf2,"]");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3971:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(buf1,"(");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3975:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(buf1,",");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3979:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
				strcat(buf1,")");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:3993:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(buf1,",");
data/asterisk-16.15.0~dfsg/res/ael/pval.c:5533:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (context && strlen(context)) {
data/asterisk-16.15.0~dfsg/res/ael/pval.c:5545:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (exten && strlen(exten)) {
data/asterisk-16.15.0~dfsg/res/ari/config.c:135:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncasecmp(user_left->username, key_right, strlen(key_right));
data/asterisk-16.15.0~dfsg/res/ari/resource_bridges.c:474:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	thread_data = ast_malloc(sizeof(*thread_data) + strlen(bridge->uniqueid) + 1);
data/asterisk-16.15.0~dfsg/res/ari/resource_bridges.c:763:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uri_name_maxlen = strlen(args->name) * 3;
data/asterisk-16.15.0~dfsg/res/ari/resource_channels.c:823:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uri_name_maxlen = strlen(args->name) * 3;
data/asterisk-16.15.0~dfsg/res/ari/resource_channels.c:1093:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((assignedids.uniqueid && AST_MAX_PUBLIC_UNIQUEID < strlen(assignedids.uniqueid))
data/asterisk-16.15.0~dfsg/res/ari/resource_channels.c:1094:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		|| (assignedids.uniqueid2 && AST_MAX_PUBLIC_UNIQUEID < strlen(assignedids.uniqueid2))) {
data/asterisk-16.15.0~dfsg/res/ari/resource_channels.c:1513:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (args->variable[strlen(args->variable) - 1] == ')') {
data/asterisk-16.15.0~dfsg/res/ari/resource_channels.c:2089:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	endpoint_len = strlen("UnicastRTP/") + strlen(args->external_host) + 1;
data/asterisk-16.15.0~dfsg/res/ari/resource_channels.c:2089:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	endpoint_len = strlen("UnicastRTP/") + strlen(args->external_host) + 1;
data/asterisk-16.15.0~dfsg/res/ari/resource_events.c:168:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(object_left->session_id, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/ari/resource_events.c:401:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size = sizeof(*session) + strlen(session_id) + 1;
data/asterisk-16.15.0~dfsg/res/ari/resource_events.c:409:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(session->session_id, session_id, size - sizeof(*session));
data/asterisk-16.15.0~dfsg/res/parking/parking_bridge_features.c:197:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	parker_uuid_size = strlen(parker_uuid) + 1;
data/asterisk-16.15.0~dfsg/res/parking/parking_bridge_features.c:198:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	parkee_uuid_size = strlen(parkee_uuid) + 1;
data/asterisk-16.15.0~dfsg/res/res_adsi.c:696:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen((char *) buf) != 2) {
data/asterisk-16.15.0~dfsg/res/res_adsi.c:711:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen((char *) buf) != 2) {
data/asterisk-16.15.0~dfsg/res/res_adsi.c:727:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen((char *) buf) != 1) {
data/asterisk-16.15.0~dfsg/res/res_agi.c:1856:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	res = read(fds[0], agi_buffer, AGI_BUF_SIZE);
data/asterisk-16.15.0~dfsg/res/res_agi.c:1897:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			res = read(fds[0], agi_buffer, AGI_BUF_SIZE);
data/asterisk-16.15.0~dfsg/res/res_agi.c:2158:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(agiurl) < 7) { /* Remove hagi:// */
data/asterisk-16.15.0~dfsg/res/res_agi.c:2931:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(silencestr) > 2) {
data/asterisk-16.15.0~dfsg/res/res_agi.c:3225:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!ast_strlen_zero(argv[2]) && (argv[2][strlen(argv[2]) - 1] == ')')) {
data/asterisk-16.15.0~dfsg/res/res_agi.c:3774:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (match && strncasecmp(matchstr, fullcmd, strlen(matchstr)))
data/asterisk-16.15.0~dfsg/res/res_agi.c:4212:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				buflen = strlen(buf);
data/asterisk-16.15.0~dfsg/res/res_agi.c:4237:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			buflen = strlen(buf);
data/asterisk-16.15.0~dfsg/res/res_agi.c:4273:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(1);
data/asterisk-16.15.0~dfsg/res/res_agi.c:4339:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				synlen = strlen(S_OR(command->summary, "Not available")) + AST_TERM_MAX_ESCAPE_CHARS;
data/asterisk-16.15.0~dfsg/res/res_agi.c:4342:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				desclen = strlen(S_OR(command->usage, "Not available")) + AST_TERM_MAX_ESCAPE_CHARS;
data/asterisk-16.15.0~dfsg/res/res_agi.c:4345:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				seealsolen = strlen(S_OR(command->seealso, "Not available")) + AST_TERM_MAX_ESCAPE_CHARS;
data/asterisk-16.15.0~dfsg/res/res_agi.c:4357:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			stxlen = strlen(S_OR(command->syntax, "Not available")) + AST_TERM_MAX_ESCAPE_CHARS;
data/asterisk-16.15.0~dfsg/res/res_ari.c:509:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	while ((path_segment = strsep(&path, "/")) && (strlen(path_segment) > 0)) {
data/asterisk-16.15.0~dfsg/res/res_ari.c:704:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (prefix != NULL && strlen(prefix) > 0) {
data/asterisk-16.15.0~dfsg/res/res_ari.c:726:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	slashless[strlen(slashless) - 1] = '\0';
data/asterisk-16.15.0~dfsg/res/res_ari_applications.c:230:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(args.event_source_parse) == 0) {
data/asterisk-16.15.0~dfsg/res/res_ari_applications.c:380:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(args.event_source_parse) == 0) {
data/asterisk-16.15.0~dfsg/res/res_ari_asterisk.c:326:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(args.only_parse) == 0) {
data/asterisk-16.15.0~dfsg/res/res_ari_bridges.c:477:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(args.channel_parse) == 0) {
data/asterisk-16.15.0~dfsg/res/res_ari_bridges.c:637:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(args.channel_parse) == 0) {
data/asterisk-16.15.0~dfsg/res/res_ari_bridges.c:1066:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(args.media_parse) == 0) {
data/asterisk-16.15.0~dfsg/res/res_ari_bridges.c:1239:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(args.media_parse) == 0) {
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:1878:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(args.media_parse) == 0) {
data/asterisk-16.15.0~dfsg/res/res_ari_channels.c:2052:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(args.media_parse) == 0) {
data/asterisk-16.15.0~dfsg/res/res_ari_events.c:81:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(args.app_parse) == 0) {
data/asterisk-16.15.0~dfsg/res/res_ari_events.c:184:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(args.app_parse) == 0) {
data/asterisk-16.15.0~dfsg/res/res_ari_events.c:235:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				AST_WEBSOCKET_OPCODE_TEXT, msg,	strlen(msg));
data/asterisk-16.15.0~dfsg/res/res_ari_events.c:317:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(args.source_parse) == 0) {
data/asterisk-16.15.0~dfsg/res/res_calendar.c:1628:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!strncasecmp(a->word, cal->name, strlen(a->word)) && ++which > a->n) {
data/asterisk-16.15.0~dfsg/res/res_calendar_caldav.c:256:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_str_set(&subdir, 0, "%s%s.ics", pvt->url[strlen(pvt->url) - 1] == '/' ? "" : "/", event->uid);
data/asterisk-16.15.0~dfsg/res/res_calendar_ews.c:630:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(event->categories) > 0) {
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:142:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	char *read, *write;
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:144:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	for (read = write = mstime; *read; read++) {
data/asterisk-16.15.0~dfsg/res/res_calendar_exchange.c:152:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		*write = *read;
data/asterisk-16.15.0~dfsg/res/res_clialiases.c:120:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		line += (strlen(alias->alias));
data/asterisk-16.15.0~dfsg/res/res_clialiases.c:121:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncasecmp(alias->alias, alias->real_cmd, strlen(alias->alias))) {
data/asterisk-16.15.0~dfsg/res/res_clialiases.c:122:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			struct ast_str *real_cmd = ast_str_alloca(strlen(alias->real_cmd) + strlen(line) + 1);
data/asterisk-16.15.0~dfsg/res/res_clialiases.c:122:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			struct ast_str *real_cmd = ast_str_alloca(strlen(alias->real_cmd) + strlen(line) + 1);
data/asterisk-16.15.0~dfsg/res/res_clialiases.c:223:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!(alias = ao2_alloc((sizeof(*alias) + strlen(v1->name) + strlen(v1->value) + 2), NULL))) {
data/asterisk-16.15.0~dfsg/res/res_clialiases.c:223:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!(alias = ao2_alloc((sizeof(*alias) + strlen(v1->name) + strlen(v1->value) + 2), NULL))) {
data/asterisk-16.15.0~dfsg/res/res_clialiases.c:227:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			alias->real_cmd = ((char *) alias->alias) + strlen(v1->name) + 1;
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:614:6:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
					usleep(500000L * tries);
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:692:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				int len = strlen(cbasedn);
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:714:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int search_len = strlen(search);
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:715:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int by_len = strlen(by);
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:725:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				memmove(p + by_len, p + search_len, strlen(p + search_len) + 1);
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:867:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(1);
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:1262:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(new_value)) {
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:1305:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(src->mod_values[0]) + strlen(new_value) + sizeof(";"));
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:1305:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(src->mod_values[0]) + strlen(new_value) + sizeof(";"));
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:1312:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(new_buffer, ";");
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:1559:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(500000L * tries);
data/asterisk-16.15.0~dfsg/res/res_config_ldap.c:1937:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cred.bv_len = strlen(pass);
data/asterisk-16.15.0~dfsg/res/res_config_odbc.c:90:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(chunk + 1, chunk + 3, strlen(chunk + 3) + 1);
data/asterisk-16.15.0~dfsg/res/res_config_odbc.c:140:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		SQLBindParameter(stmt, x++, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(newval), 0, (void *)newval, 0, NULL);
data/asterisk-16.15.0~dfsg/res/res_config_odbc.c:151:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		SQLBindParameter(stmt, x++, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(newval), 0, (void *)newval, 0, NULL);
data/asterisk-16.15.0~dfsg/res/res_config_odbc.c:627:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			SQLBindParameter(stmt, x++, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(field->name), 0, (void *)field->value, 0, NULL);
data/asterisk-16.15.0~dfsg/res/res_config_odbc.c:644:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		SQLBindParameter(stmt, x++, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, strlen(field->value), 0, (void *)field->value, 0, NULL);
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:100:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int len = strlen(stringname); \
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:290:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		tablename = ast_alloca(strlen(tmp_tablename) * 2 + 1);
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:291:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		PQescapeStringConn(pgsqlConn, tablename, tmp_tablename, strlen(tmp_tablename), NULL);
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:292:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		schemaname = ast_alloca(strlen(tmp_schemaname) * 2 + 1);
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:293:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		PQescapeStringConn(pgsqlConn, schemaname, tmp_schemaname, strlen(tmp_schemaname), NULL);
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:300:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		tablename = ast_alloca(strlen(orig_tablename) * 2 + 1);
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:301:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		PQescapeStringConn(pgsqlConn, tablename, orig_tablename, strlen(orig_tablename), NULL);
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:316:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(table = ast_calloc(1, sizeof(*table) + strlen(orig_tablename) + 1))) {
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:334:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!(column = ast_calloc(1, sizeof(*column) + strlen(fname) + strlen(ftype) + 2))) {
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:334:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!(column = ast_calloc(1, sizeof(*column) + strlen(fname) + strlen(ftype) + 2))) {
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:350:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		column->type = (char *)column + sizeof(*column) + strlen(fname) + 1;
data/asterisk-16.15.0~dfsg/res/res_config_pgsql.c:1634:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		l = strlen(a->word);
data/asterisk-16.15.0~dfsg/res/res_config_sqlite.c:175:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(1000);						\
data/asterisk-16.15.0~dfsg/res/res_config_sqlite.c:611:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!(col = ast_calloc(1, sizeof(*col) + strlen(fie.ld[i]) + strlen(type) + 2))) {
data/asterisk-16.15.0~dfsg/res/res_config_sqlite.c:611:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!(col = ast_calloc(1, sizeof(*col) + strlen(fie.ld[i]) + strlen(type) + 2))) {
data/asterisk-16.15.0~dfsg/res/res_config_sqlite.c:615:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		col->type = (char *)col + sizeof(*col) + strlen(fie.ld[i]) + 1;
data/asterisk-16.15.0~dfsg/res/res_config_sqlite.c:656:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(tblptr = ast_calloc(1, sizeof(*tblptr) + strlen(tablename) + 1))) {
data/asterisk-16.15.0~dfsg/res/res_config_sqlite3.c:132:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t maxlen = strlen(param) * 2 + sizeof("\"\"");
data/asterisk-16.15.0~dfsg/res/res_config_sqlite3.c:175:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t maxlen = strlen(param) * 2 + sizeof("\"\" =");
data/asterisk-16.15.0~dfsg/res/res_config_sqlite3.c:329:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(1000 * db->batch);
data/asterisk-16.15.0~dfsg/res/res_config_sqlite3.c:1158:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(column = ao2_alloc(strlen(values[1]) + 1, NULL))) {
data/asterisk-16.15.0~dfsg/res/res_corosync.c:839:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					name.length = strlen(name.value);
data/asterisk-16.15.0~dfsg/res/res_corosync.c:943:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				name.length = strlen(name.value);
data/asterisk-16.15.0~dfsg/res/res_corosync.c:1394:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		name.length = strlen(name.value);
data/asterisk-16.15.0~dfsg/res/res_crypto.c:119:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (write(key->outfd, prompt, strlen(prompt)) < 0) {
data/asterisk-16.15.0~dfsg/res/res_crypto.c:126:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	res = read(key->infd, buf, size);
data/asterisk-16.15.0~dfsg/res/res_crypto.c:131:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (buf[strlen(buf) -1] == '\n') {
data/asterisk-16.15.0~dfsg/res/res_crypto.c:132:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buf[strlen(buf) - 1] = '\0';
data/asterisk-16.15.0~dfsg/res/res_crypto.c:134:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return strlen(buf);
data/asterisk-16.15.0~dfsg/res/res_crypto.c:203:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			MD5Update(&md5, (unsigned char *) buf, strlen(buf));
data/asterisk-16.15.0~dfsg/res/res_crypto.c:404:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(res = ast_sign_bin(key, msg, strlen(msg), dsig))) {
data/asterisk-16.15.0~dfsg/res/res_crypto.c:456:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	res = ast_check_signature_bin(key, msg, strlen(msg), dsig);
data/asterisk-16.15.0~dfsg/res/res_crypto.c:623:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			kn = key->fn + strlen(ast_config_AST_KEY_DIR) + 1;
data/asterisk-16.15.0~dfsg/res/res_fax.c:915:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(tbuf, ",");
data/asterisk-16.15.0~dfsg/res/res_fax.c:922:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(tbuf, ",");
data/asterisk-16.15.0~dfsg/res/res_fax.c:929:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(tbuf, ",");
data/asterisk-16.15.0~dfsg/res/res_fax.c:1384:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size += strlen(separator) + strlen(prefix) + strlen(doc->filename);
data/asterisk-16.15.0~dfsg/res/res_fax.c:1384:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size += strlen(separator) + strlen(prefix) + strlen(doc->filename);
data/asterisk-16.15.0~dfsg/res/res_fax.c:1384:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size += strlen(separator) + strlen(prefix) + strlen(doc->filename);
data/asterisk-16.15.0~dfsg/res/res_fax.c:1792:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			if (!(frame = fax->tech->read(fax))) {
data/asterisk-16.15.0~dfsg/res/res_fax.c:2191:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(doc = ast_calloc(1, sizeof(*doc) + strlen(args.filename) + 1))) {
data/asterisk-16.15.0~dfsg/res/res_fax.c:2708:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!(doc = ast_calloc(1, sizeof(*doc) + strlen(c) + 1))) {
data/asterisk-16.15.0~dfsg/res/res_fax.c:3956:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tklen = strlen(a->word);
data/asterisk-16.15.0~dfsg/res/res_format_attr_opus.c:119:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strncmp(kvp, name, strlen(name)) && kvp[strlen(name)] == '=') {
data/asterisk-16.15.0~dfsg/res/res_format_attr_opus.c:119:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strncmp(kvp, name, strlen(name)) && kvp[strlen(name)] == '=') {
data/asterisk-16.15.0~dfsg/res/res_hep.c:512:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		INITIALIZE_GENERIC_HEP_IDS_VAR(&auth_key, CHUNK_TYPE_AUTH_KEY, strlen(config->general->capture_password));
data/asterisk-16.15.0~dfsg/res/res_hep.c:513:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		packet_len += (sizeof(auth_key) + strlen(config->general->capture_password));
data/asterisk-16.15.0~dfsg/res/res_hep.c:515:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	INITIALIZE_GENERIC_HEP_IDS_VAR(&uuid, CHUNK_TYPE_UUID, strlen(capture_info->uuid));
data/asterisk-16.15.0~dfsg/res/res_hep.c:516:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	packet_len += (sizeof(uuid) + strlen(capture_info->uuid));
data/asterisk-16.15.0~dfsg/res/res_hep.c:549:76:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memcpy(sock_buffer + sock_buffer_len, config->general->capture_password, strlen(config->general->capture_password));
data/asterisk-16.15.0~dfsg/res/res_hep.c:550:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		sock_buffer_len += strlen(config->general->capture_password);
data/asterisk-16.15.0~dfsg/res/res_hep.c:556:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	memcpy(sock_buffer + sock_buffer_len, capture_info->uuid, strlen(capture_info->uuid));
data/asterisk-16.15.0~dfsg/res/res_hep.c:557:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sock_buffer_len += strlen(capture_info->uuid);
data/asterisk-16.15.0~dfsg/res/res_hep_rtcp.c:129:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	capture_info = hepv3_create_capture_info(payload, strlen(payload));
data/asterisk-16.15.0~dfsg/res/res_http_media_cache.c:134:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (equal && (sscanf(equal + 1, "%30u", &max_age) == 1)) {
data/asterisk-16.15.0~dfsg/res/res_http_post.c:240:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	boundary_len = strlen(boundary);
data/asterisk-16.15.0~dfsg/res/res_http_post.c:260:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			x = strlen("filename=\"");
data/asterisk-16.15.0~dfsg/res/res_http_post.c:377:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				boundary_marker += strlen("boundary=");
data/asterisk-16.15.0~dfsg/res/res_http_post.c:447:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (prefix[strlen(prefix)] == '/') {
data/asterisk-16.15.0~dfsg/res/res_http_post.c:448:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				prefix[strlen(prefix)] = '\0';
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:767:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	unsigned combined_length = strlen(key) + strlen(WEBSOCKET_GUID) + 1;
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:767:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	unsigned combined_length = strlen(key) + strlen(WEBSOCKET_GUID) + 1;
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:876:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!key || strlen(key) + strlen(WEBSOCKET_GUID) + 1 > 8192) { /* no stack overflows please */
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:876:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!key || strlen(key) + strlen(WEBSOCKET_GUID) + 1 > 8192) { /* no stack overflows please */
data/asterisk-16.15.0~dfsg/res/res_http_websocket.c:1486:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint64_t len = strlen(buf);
data/asterisk-16.15.0~dfsg/res/res_limit.c:89:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(a->word);
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:650:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((strlen(de->d_name) > 3) &&
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:652:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			      (!strcasecmp(de->d_name + strlen(de->d_name) - 4, ".raw") ||
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:653:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			       !strcasecmp(de->d_name + strlen(de->d_name) - 4, ".sln"))) ||
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:654:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			     !strcasecmp(de->d_name + strlen(de->d_name) - 4, ".mp3"))) {
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:748:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(delay);
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:758:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(delay);
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:822:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(1000 * (MOH_MS_INTERVAL - delta));
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:839:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((res2 = read(class->srcfd, sbuf, len)) != len) {
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:1069:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	res = read(moh->pipe[0], buf + AST_FRIENDLY_OFFSET/2, len);
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:1239:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(extension) < 3) {
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:1513:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:1555:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(a->argv[3]);
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:1559:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (cur->realtime && len == strlen(cur->name) && !strncasecmp(cur->name, a->argv[3], len)) {
data/asterisk-16.15.0~dfsg/res/res_musiconhold.c:1923:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				(bytes = read(class->srcfd, buff, 8192)) && time(NULL) < stime) {
data/asterisk-16.15.0~dfsg/res/res_mwi_external.c:543:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/res/res_mwi_external_ami.c:165:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		regex_string = ast_str_create(strlen(mailbox_id) + 1);
data/asterisk-16.15.0~dfsg/res/res_mwi_external_ami.c:256:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		regex_string = ast_str_create(strlen(mailbox_id) + 1);
data/asterisk-16.15.0~dfsg/res/res_odbc.c:284:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!(tableptr = ast_calloc(sizeof(char), sizeof(*tableptr) + strlen(database) + 1 + strlen(tablename) + 1))) {
data/asterisk-16.15.0~dfsg/res/res_odbc.c:284:88:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!(tableptr = ast_calloc(sizeof(char), sizeof(*tableptr) + strlen(database) + 1 + strlen(tablename) + 1))) {
data/asterisk-16.15.0~dfsg/res/res_odbc.c:290:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		tableptr->table = (char *)tableptr + sizeof(*tableptr) + strlen(database) + 1;
data/asterisk-16.15.0~dfsg/res/res_odbc.c:298:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!(entry = ast_calloc(sizeof(char), sizeof(*entry) + strlen(columnname) + 1))) {
data/asterisk-16.15.0~dfsg/res/res_odbc.c:735:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length = strlen(a->word);
data/asterisk-16.15.0~dfsg/res/res_odbc.c:1056:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SQLSetConnectAttr(con, SQL_ATTR_TRACEFILE, tracefile, strlen(tracefile));
data/asterisk-16.15.0~dfsg/res/res_odbc_transaction.c:166:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	txn = ast_calloc(1, sizeof(*txn) + strlen(name) + 1);
data/asterisk-16.15.0~dfsg/res/res_parking.c:263:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(left->name, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/res_parking.c:355:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		key_size = strlen(key);
data/asterisk-16.15.0~dfsg/res/res_phoneprov.c:170:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(object_left->field, right_key, strlen(right_key)); \
data/asterisk-16.15.0~dfsg/res/res_phoneprov.c:610:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char value_copy[strlen(v->value) + 1];
data/asterisk-16.15.0~dfsg/res/res_phoneprov.c:633:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char value_copy[strlen(v->value) + 1];
data/asterisk-16.15.0~dfsg/res/res_pjproject.c:251:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	format_temp = ast_alloca(strlen(option) + strlen(" : ") + strlen(format_string) + 1);
data/asterisk-16.15.0~dfsg/res/res_pjproject.c:251:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	format_temp = ast_alloca(strlen(option) + strlen(" : ") + strlen(format_string) + 1);
data/asterisk-16.15.0~dfsg/res/res_pjproject.c:251:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	format_temp = ast_alloca(strlen(option) + strlen(" : ") + strlen(format_string) + 1);
data/asterisk-16.15.0~dfsg/res/res_pjproject.c:626:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pj_strset(&t, *candidate, strlen(*candidate));
data/asterisk-16.15.0~dfsg/res/res_pjsip.c:3047:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			&& strlen(name) == current - prev) {
data/asterisk-16.15.0~dfsg/res/res_pjsip.c:3823:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pjsip_parse_rdata(packet, strlen(packet), rdata);
data/asterisk-16.15.0~dfsg/res/res_pjsip.c:3834:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strlen(contact), PJSIP_PARSE_URI_AS_NAMEADDR);
data/asterisk-16.15.0~dfsg/res/res_pjsip.c:4638:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t combined_size = strlen(body_text) + tdata->msg->body->len;
data/asterisk-16.15.0~dfsg/res/res_pjsip.c:5069:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int name_buf_len = strlen(id->name.str) * 2 + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_auth.c:102:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		} else if (strlen(auth->md5_creds) != PJSIP_MD5STRLEN) {
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_auth.c:104:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				"digest is '%d' in size for auth '%s'\n", PJSIP_MD5STRLEN, (int)strlen(auth->md5_creds),
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_transport.c:567:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(BIND_DELAY_US);
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_transport.c:583:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				(AST_SIP_X_AST_TXP_LEN + strlen(transport_id) + 2));
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_transport.c:615:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(BIND_DELAY_US);
data/asterisk-16.15.0~dfsg/res/res_pjsip/config_transport.c:645:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(BIND_DELAY_US);
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:86:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t prefix_len = strlen(aor_id) + sizeof(";@") - 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:223:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t prefix_len = strlen(ast_sorcery_object_get_id(aor)) + sizeof(";@") - 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:514:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(ast_sorcery_object_get_id(object_left), right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:533:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(contact_uri) > pjsip_max_url_size - 1) {
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:578:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		max_length -= strlen("_sips.tcp.");
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:581:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(host) > max_length) {
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:605:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char contact_id[strlen(aor_id) + sizeof(hash) + 2];
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:744:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		wrapper->contact_id = ast_malloc(strlen(aor_id) + strlen(contact->uri) + 2);
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:744:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		wrapper->contact_id = ast_malloc(strlen(aor_id) + strlen(contact->uri) + 2);
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:937:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(left_wrapper->contact_id, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:964:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncmp(left_wrapper->contact_id, right_key, strlen(right_key)) == 0) {
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:1008:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wrapper->contact_id = ast_malloc(strlen(contact->aor) + strlen(contact->uri) + 2);
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:1008:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wrapper->contact_id = ast_malloc(strlen(contact->aor) + strlen(contact->uri) + 2);
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:1114:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	const char *hash_start = contact_id + strlen(contact->aor) + 2;
data/asterisk-16.15.0~dfsg/res/res_pjsip/location.c:1123:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	flexwidth = CLI_LAST_TABSTOP - indent - 9 - strlen(contact->aor) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_cli.c:57:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			width = strlen(i->name);
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_cli.c:61:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			width = strlen(i->value);
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_cli.c:89:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_cli.c:141:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int l = strlen(cmd2);
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_cli.c:146:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ast_copy_string(formatter_type, cmd2, strlen(cmd2));
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_cli.c:254:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(left_obj->name, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_cli.c:281:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncmp(left_obj->name, right_key, strlen(right_key)) == 0) {
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_configuration.c:635:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size += name ? strlen(name) : 0;
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_configuration.c:636:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size += number ? strlen(number) : 0;
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_configuration.c:820:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int size = strlen(front);
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_configuration.c:1721:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		print_name_len = strlen(id) + strlen(number) + 2;
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_configuration.c:1721:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		print_name_len = strlen(id) + strlen(number) + 2;
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:92:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			tdata_name = pj_pool_alloc(tdata->pool, strlen(name) + 1);
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:783:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				unid = ao2_alloc_options(sizeof(*unid) + strlen(rdata->pkt_info.src_name) + 1,
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:993:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(object_left->src_name, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_distributor.c:1019:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncmp(object_left->src_name, right_key, strlen(right_key)) == 0) {
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:359:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t size = sizeof(*contact_status) + strlen(name) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:595:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		aor_status = ao2_alloc_options(sizeof(*aor_status) + strlen(name) + 1, NULL,
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:968:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	aor_options = ao2_alloc_options(sizeof(*aor_options) + strlen(ast_sorcery_object_get_id(aor)) + 1,
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:1285:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t prefix_len = strlen(ast_sorcery_object_get_id(aor)) + sizeof(";@") - 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_options.c:1485:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		+ strlen(ast_sorcery_object_get_id(endpoint)) + 1,
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_scheduler.c:427:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	schtd = ao2_alloc((sizeof(*schtd) + (!ast_strlen_zero(name) ? strlen(name) : ID_LEN) + 1),
data/asterisk-16.15.0~dfsg/res/res_pjsip/pjsip_transport_management.c:303:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(object_left->transport->obj_name, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/res_pjsip/presence_xml.c:41:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(output, copy, remaining);
data/asterisk-16.15.0~dfsg/res/res_pjsip/presence_xml.c:48:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		remaining = len - strlen(output) - 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip/presence_xml.c:52:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(output, "&lt;", remaining);
data/asterisk-16.15.0~dfsg/res/res_pjsip/presence_xml.c:55:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(output, "&gt;", remaining);
data/asterisk-16.15.0~dfsg/res/res_pjsip/presence_xml.c:58:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(output, "&quot;", remaining);
data/asterisk-16.15.0~dfsg/res/res_pjsip/presence_xml.c:61:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(output, "&amp;", remaining);
data/asterisk-16.15.0~dfsg/res/res_pjsip/presence_xml.c:64:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(output, "&apos;", remaining);
data/asterisk-16.15.0~dfsg/res/res_pjsip/presence_xml.c:67:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(output, "&#13;", remaining);
data/asterisk-16.15.0~dfsg/res/res_pjsip/presence_xml.c:70:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(output, "&#10;", remaining);
data/asterisk-16.15.0~dfsg/res/res_pjsip/presence_xml.c:75:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		remaining = len - strlen(output) - 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip/presence_xml.c:80:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(output, copy, remaining);
data/asterisk-16.15.0~dfsg/res/res_pjsip_caller_id.c:440:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int name_buf_len = strlen(id->name.str) * 2 + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:392:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int plen = strlen(prefix);
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:395:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (ast_begins_with(v->name, prefix) && strlen(v->name) > plen) {
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:453:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		data[strlen(data) - 1] = '\0';
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:489:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	hint_device = ast_alloca(strlen("PJSIP/") + strlen(id) + 1);
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:489:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	hint_device = ast_alloca(strlen("PJSIP/") + strlen(id) + 1);
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:539:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char new_id[strlen(id) + MAX_ID_SUFFIX];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:540:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char prefix[strlen(direction) + strlen("_auth/") + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:540:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char prefix[strlen(direction) + strlen("_auth/") + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:672:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char new_id[strlen(id) + MAX_ID_SUFFIX];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:737:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char new_id[strlen(id) + MAX_ID_SUFFIX];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:768:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char host[strlen(rhost) + 1];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:801:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char new_id[strlen(id) + MAX_ID_SUFFIX];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:865:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char new_id[strlen(id) + MAX_ID_SUFFIX];
data/asterisk-16.15.0~dfsg/res/res_pjsip_config_wizard.c:1175:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		otw = ast_malloc(sizeof(*otw) + strlen(object_type) + 1);
data/asterisk-16.15.0~dfsg/res/res_pjsip_diversion.c:529:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	reason_buf = pj_pool_alloc(tdata->pool, strlen(reason_str) + 3);
data/asterisk-16.15.0~dfsg/res/res_pjsip_endpoint_identifier_ip.c:498:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(c_value);
data/asterisk-16.15.0~dfsg/res/res_pjsip_exten_state.c:873:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	name_size = strlen(name) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_exten_state.c:874:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	body_type_size = strlen(body_type) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_exten_state.c:875:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	body_subtype_size = strlen(body_subtype) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_header_funcs.c:292:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	plen = strlen(p);
data/asterisk-16.15.0~dfsg/res/res_pjsip_header_funcs.c:401:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen(data->header_name);
data/asterisk-16.15.0~dfsg/res/res_pjsip_history.c:557:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		token = ast_calloc(1, sizeof(*token) + strlen((const char *)value) + 1);
data/asterisk-16.15.0~dfsg/res/res_pjsip_history.c:875:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (token[0] == ')' || token[strlen(token) - 1] == ')') {
data/asterisk-16.15.0~dfsg/res/res_pjsip_history.c:877:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (token[strlen(token) - 1] == ')') {
data/asterisk-16.15.0~dfsg/res/res_pjsip_history.c:878:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				token[strlen(token) - 1] = '\0';
data/asterisk-16.15.0~dfsg/res/res_pjsip_messaging.c:231:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	parsed_name_addr = (pjsip_name_addr *) pjsip_parse_uri(tdata->pool, to, strlen(to),
data/asterisk-16.15.0~dfsg/res/res_pjsip_messaging.c:269:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(from), PJSIP_PARSE_URI_AS_NAMEADDR);
data/asterisk-16.15.0~dfsg/res/res_pjsip_messaging.c:467:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	count = strlen(scheme);
data/asterisk-16.15.0~dfsg/res/res_pjsip_messaging.c:649:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ast_strdupa(content_type), strlen(content_type),
data/asterisk-16.15.0~dfsg/res/res_pjsip_mwi.c:149:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mwi_stasis_sub = ao2_alloc(sizeof(*mwi_stasis_sub) + strlen(mailbox), NULL);
data/asterisk-16.15.0~dfsg/res/res_pjsip_mwi.c:211:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(sub_left->mailbox, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/res_pjsip_mwi.c:241:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sub = ao2_alloc(sizeof(*sub) + strlen(endpoint_id),
data/asterisk-16.15.0~dfsg/res/res_pjsip_mwi.c:318:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(sub_left->id, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/res_pjsip_nat.c:350:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(host_port, x_orig_host->value.ptr, x_orig_host->value.slen);
data/asterisk-16.15.0~dfsg/res/res_pjsip_notify.c:160:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int category_size = strlen(category) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_notify.c:191:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int name_size = strlen(var->name) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_notify.c:192:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int value_size = strlen(var->value) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_notify.c:915:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/res/res_pjsip_notify.c:950:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/res/res_pjsip_notify.c:973:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:810:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		type_len = strlen(body->type) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:811:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		subtype_len = strlen(body->subtype) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:812:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		body_text_len = strlen(body->body_text) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:963:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(char*)publish->outbound_proxy, strlen(publish->outbound_proxy), NULL))) {
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:1037:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	publisher = ao2_alloc(sizeof(*publisher) + (user ? strlen(user) : 0) + 1,
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:1400:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cmp = strncmp(object_left->uid, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_publish.c:1426:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ao2_alloc(sizeof(*state) + strlen(id) + 1, sip_outbound_publish_state_destroy);
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_registration.c:894:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	monitor = ao2_alloc_options(strlen(registration_name) + 1, NULL,
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_registration.c:1693:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_registration.c:2066:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(int) (REGISTRATION_URI_FIELD_LEN - strlen(id)),
data/asterisk-16.15.0~dfsg/res/res_pjsip_outbound_registration.c:2067:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(int) (REGISTRATION_URI_FIELD_LEN - strlen(id)),
data/asterisk-16.15.0~dfsg/res/res_pjsip_path.c:77:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!id && !(id = ast_str_create(strlen(username) + sip_uri->host.slen + 2))) {
data/asterisk-16.15.0~dfsg/res/res_pjsip_pidf_eyebeam_body_supplement.c:59:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t str_size = sizeof("rpid:") + strlen(pidfstate);
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:938:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	node = ast_calloc(1, sizeof(*node) + strlen(resource) + 1);
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:1239:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sub = ast_calloc(1, sizeof(*sub) + strlen(resource) + 1);
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:2943:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char *name = ast_alloca(strlen("->/ ") +
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:2944:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(ind->sub_tree->persistence->endpoint) +
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:2945:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(ind->sub_tree->root->resource) +
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:2946:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(ind->sub_tree->root->handler->event_name) +
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:3150:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t resource_len = strlen(resource) + 1, event_configuration_name_len = strlen(event_configuration_name) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:3150:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t resource_len = strlen(resource) + 1, event_configuration_name_len = strlen(event_configuration_name) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:3458:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	accept_len = strlen(generator->type) + strlen(generator->subtype) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:3458:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	accept_len = strlen(generator->type) + strlen(generator->subtype) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_pubsub.c:4214:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	cli.wordlen = strlen(a->word);
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:131:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	contact_uri = pjsip_parse_uri(details->pool, (char*)contact->uri, strlen(contact->uri), 0);
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:426:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	aor_size = aor_name ? strlen(aor_name) : 0;
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:429:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t contact_name_len = strlen(contact_name) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:791:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				contact_name_len = strlen(contact_name) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:792:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				monitor = ao2_alloc(sizeof(*monitor) + 1 + strlen(aor_name)
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:796:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					monitor->contact_name = monitor->aor_name + strlen(aor_name) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:974:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	id_domain = ast_alloca(strlen(username) + strlen(domain) + 2);
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:974:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	id_domain = ast_alloca(strlen(username) + strlen(domain) + 2);
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:990:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char *id_domain_alias = ast_alloca(strlen(username) + strlen(alias->domain) + 2);
data/asterisk-16.15.0~dfsg/res/res_pjsip_registrar.c:990:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char *id_domain_alias = ast_alloca(strlen(username) + strlen(alias->domain) + 2);
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:766:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		if (sscanf(attr_value, "%32s %30u %31s %30u %46s %30u typ %5s %*s %23s %*s %30u", foundation, &candidate.id, transport,
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:980:8:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
			if (sscanf(fingerprint_text, "%31s %255s", hash, hash_value) == 2) {
data/asterisk-16.15.0~dfsg/res/res_pjsip_sdp_rtp.c:1332:8:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		if ((sscanf(attr_value, "%30d%9s", &id, direction_str) < 1) || (id < 1)) {
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:159:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	handler_list = ao2_alloc(sizeof(*handler_list) + strlen(stream_type), NULL);
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:3746:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		!strncmp(session->exten, pickupexten, strlen(session->exten)) ||
data/asterisk-16.15.0~dfsg/res/res_pjsip_session.c:5338:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char forward[8 + strlen(ast_sorcery_object_get_id(session->endpoint)) + PJSIP_MAX_URL_SIZE];
data/asterisk-16.15.0~dfsg/res/res_pjsip_stir_shaken.c:195:2:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	mismatch |= compare_caller_id(caller_id, payload);
data/asterisk-16.15.0~dfsg/res/res_pjsip_stir_shaken.c:196:2:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	mismatch |= compare_timestamp(payload);
data/asterisk-16.15.0~dfsg/res/res_pjsip_stir_shaken.c:198:6:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	if (mismatch) {
data/asterisk-16.15.0~dfsg/res/res_pjsip_stir_shaken.c:269:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	combined_size = strlen(encoded_header) + 1 + strlen(encoded_payload) + 1
data/asterisk-16.15.0~dfsg/res/res_pjsip_stir_shaken.c:269:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	combined_size = strlen(encoded_header) + 1 + strlen(encoded_payload) + 1
data/asterisk-16.15.0~dfsg/res/res_pjsip_stir_shaken.c:270:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		+ strlen(signature) + strlen(";info=<>alg=;ppt=") + strlen(public_key_url)
data/asterisk-16.15.0~dfsg/res/res_pjsip_stir_shaken.c:270:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		+ strlen(signature) + strlen(";info=<>alg=;ppt=") + strlen(public_key_url)
data/asterisk-16.15.0~dfsg/res/res_pjsip_stir_shaken.c:270:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		+ strlen(signature) + strlen(";info=<>alg=;ppt=") + strlen(public_key_url)
data/asterisk-16.15.0~dfsg/res/res_pjsip_stir_shaken.c:271:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		+ strlen(STIR_SHAKEN_ENCRYPTION_ALGORITHM) + strlen(STIR_SHAKEN_PPT) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_stir_shaken.c:271:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		+ strlen(STIR_SHAKEN_ENCRYPTION_ALGORITHM) + strlen(STIR_SHAKEN_PPT) + 1;
data/asterisk-16.15.0~dfsg/res/res_pjsip_transport_websocket.c:212:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(newtransport->transport.type_name) + strlen(ws_addr_str) + sizeof(" to "));
data/asterisk-16.15.0~dfsg/res/res_pjsip_transport_websocket.c:212:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(newtransport->transport.type_name) + strlen(ws_addr_str) + sizeof(" to "));
data/asterisk-16.15.0~dfsg/res/res_pjsip_xpidf_body_generator.c:77:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(sanitized) + STR_ADDR_PARAM.slen);
data/asterisk-16.15.0~dfsg/res/res_rtp_multicast.c:147:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			+ strlen(type)
data/asterisk-16.15.0~dfsg/res/res_rtp_multicast.c:148:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			+ strlen(S_OR(options, "")) + 2);
data/asterisk-16.15.0~dfsg/res/res_rtp_multicast.c:158:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pos += strlen(type) + 1;
data/asterisk-16.15.0~dfsg/res/res_smdi.c:451:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(md_msg.mesg_desk_term, search_key, SMDI_MESG_DESK_TERM_LEN);
data/asterisk-16.15.0~dfsg/res/res_smdi.c:456:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(md_msg.mesg_desk_num, search_key, SMDI_MESG_DESK_NUM_LEN);
data/asterisk-16.15.0~dfsg/res/res_smdi.c:596:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((c = fgetc(iface->file))) {
data/asterisk-16.15.0~dfsg/res/res_smdi.c:619:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				c = fgetc(iface->file);
data/asterisk-16.15.0~dfsg/res/res_smdi.c:635:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				c = fgetc(iface->file);
data/asterisk-16.15.0~dfsg/res/res_smdi.c:650:8:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			c = fgetc(iface->file);
data/asterisk-16.15.0~dfsg/res/res_smdi.c:663:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				if ((c = fgetc(iface->file)) == ' ') {
data/asterisk-16.15.0~dfsg/res/res_smdi.c:691:23:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				if (!isdigit((c = fgetc(iface->file)))) {
data/asterisk-16.15.0~dfsg/res/res_smdi.c:736:4:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			fgetc(iface->file);
data/asterisk-16.15.0~dfsg/res/res_smdi.c:741:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				if ((c = fgetc(iface->file)) == ' ') {
data/asterisk-16.15.0~dfsg/res/res_smdi.c:761:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				c = fgetc(iface->file);
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:71:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char family[strlen(prefix) + strlen(ast_sorcery_object_get_type(object)) + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:71:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char family[strlen(prefix) + strlen(ast_sorcery_object_get_type(object)) + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:138:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char family[strlen(prefix) + strlen(type) + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:138:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char family[strlen(prefix) + strlen(type) + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:149:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		const char *key = entry->key + strlen(family) + 2;
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:194:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char family[strlen(prefix) + strlen(type) + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:194:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char family[strlen(prefix) + strlen(type) + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:281:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char family[strlen(prefix) + strlen(type) + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:281:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char family[strlen(prefix) + strlen(type) + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:282:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char tree[strlen(regex) + 1];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:309:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		const char *key = entry->key + strlen(family) + 2;
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:335:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t family_len = strlen(family_prefix) + strlen(type) + 1; /* +1 for slash delimiter */
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:335:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t family_len = strlen(family_prefix) + strlen(type) + 1; /* +1 for slash delimiter */
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:371:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char family[strlen(prefix) + strlen(ast_sorcery_object_get_type(object)) + 2], value[2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:371:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char family[strlen(prefix) + strlen(ast_sorcery_object_get_type(object)) + 2], value[2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:387:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char family[strlen(prefix) + strlen(ast_sorcery_object_get_type(object)) + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_astdb.c:387:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char family[strlen(prefix) + strlen(ast_sorcery_object_get_type(object)) + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_config.c:464:82:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (ast_strlen_zero(filename) || !(config = ao2_alloc_options(sizeof(*config) + strlen(filename) + 1, sorcery_config_destructor, AO2_ALLOC_OPT_LOCK_NOLOCK))) {
data/asterisk-16.15.0~dfsg/res/res_sorcery_memory_cache.c:345:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(left->name, right_name, strlen(right_name));
data/asterisk-16.15.0~dfsg/res/res_sorcery_memory_cache.c:410:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(ast_sorcery_object_get_id(left->object), right_name, strlen(right_name));
data/asterisk-16.15.0~dfsg/res/res_sorcery_memory_cache.c:1656:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/res/res_sorcery_memory_cache.c:1830:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/res/res_sorcery_memory_cache.c:2827:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(1000);
data/asterisk-16.15.0~dfsg/res/res_sorcery_memory_cache.c:2838:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(1000);
data/asterisk-16.15.0~dfsg/res/res_sorcery_memory_cache.c:2848:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(1000);
data/asterisk-16.15.0~dfsg/res/res_sorcery_memory_cache.c:2858:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(1000);
data/asterisk-16.15.0~dfsg/res/res_sorcery_realtime.c:201:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char field[strlen(UUID_FIELD) + 6], value[2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_realtime.c:248:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char field[strlen(UUID_FIELD) + 6], value[strlen(regex) + 3];
data/asterisk-16.15.0~dfsg/res/res_sorcery_realtime.c:248:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char field[strlen(UUID_FIELD) + 6], value[strlen(regex) + 3];
data/asterisk-16.15.0~dfsg/res/res_sorcery_realtime.c:271:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char field[strlen(UUID_FIELD) + 6], value[prefix_len + 2];
data/asterisk-16.15.0~dfsg/res/res_sorcery_realtime.c:323:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	config = ast_calloc(1, sizeof(*config) + strlen(family) + 1);
data/asterisk-16.15.0~dfsg/res/res_srtp.c:673:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ast_debug(1 , "local_key64 %s len %zu\n", p->local_key64, strlen(p->local_key64));
data/asterisk-16.15.0~dfsg/res/res_stasis.c:227:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(stasis_app_name(object_left), right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/res_stasis.c:289:76:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(stasis_app_control_get_channel_id(object_left), right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/res_stasis.c:397:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(object_left->uniqueid, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/res_stasis.c:443:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			cmp = strncmp(object_left->bridge_id, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/res_stasis.c:498:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(left->bridge_id, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/res_stasis.c:2028:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!ast_strlen_zero(uri + strlen(event_source->scheme)) &&
data/asterisk-16.15.0~dfsg/res/res_stasis.c:2029:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    (!event_source->find || (!(obj = event_source->find(app, uri + strlen(event_source->scheme)))))) {
data/asterisk-16.15.0~dfsg/res/res_stasis.c:2069:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	const char *id = uri + strlen(event_source->scheme);
data/asterisk-16.15.0~dfsg/res/res_stasis_device_state.c:123:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size = strlen(device_name) + strlen(app_name) + 2;
data/asterisk-16.15.0~dfsg/res/res_stasis_device_state.c:123:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size = strlen(device_name) + strlen(app_name) + 2;
data/asterisk-16.15.0~dfsg/res/res_stasis_device_state.c:214:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t size = strlen(DEVICE_STATE_SCHEME_STASIS);
data/asterisk-16.15.0~dfsg/res/res_stasis_device_state.c:247:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t size = strlen(DEVICE_STATE_SCHEME_STASIS);
data/asterisk-16.15.0~dfsg/res/res_stasis_playback.c:324:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			res = ast_control_streamfile_lang(chan, playback->media + strlen(SOUND_URI_SCHEME),
data/asterisk-16.15.0~dfsg/res/res_stasis_playback.c:332:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				playback->media + strlen(RECORDING_URI_SCHEME);
data/asterisk-16.15.0~dfsg/res/res_stasis_playback.c:349:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (sscanf(playback->media + strlen(NUMBER_URI_SCHEME), "%30d", &number) != 1) {
data/asterisk-16.15.0~dfsg/res/res_stasis_playback.c:351:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					playback->media + strlen(NUMBER_URI_SCHEME), ast_channel_name(chan));
data/asterisk-16.15.0~dfsg/res/res_stasis_playback.c:357:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			res = ast_say_digit_str(chan, playback->media + strlen(DIGITS_URI_SCHEME),
data/asterisk-16.15.0~dfsg/res/res_stasis_playback.c:360:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			res = ast_say_character_str(chan, playback->media + strlen(CHARACTERS_URI_SCHEME),
data/asterisk-16.15.0~dfsg/res/res_stasis_playback.c:364:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			res = ast_control_tone(chan, playback->media + strlen(TONE_URI_SCHEME));
data/asterisk-16.15.0~dfsg/res/res_stasis_playback.c:492:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		media_uri = ast_malloc(strlen(media[i]) + 1);
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:376:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (equal && !ast_str_to_uint(equal + 1, &max_age)) {
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:521:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ret = EVP_DigestVerifyUpdate(mdctx, (unsigned char *)msg, strlen(msg));
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:530:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	signature_length = strlen(signature);
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:733:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	combined_size = strlen(header) + strlen(payload) + 2;
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:733:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	combined_size = strlen(header) + strlen(payload) + 2;
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:911:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ret = EVP_DigestSignUpdate(mdctx, json_str, strlen(json_str));
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:1103:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	msg_len = strlen(header) + strlen(payload) + 2;
data/asterisk-16.15.0~dfsg/res/res_stir_shaken.c:1103:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	msg_len = strlen(header) + strlen(payload) + 2;
data/asterisk-16.15.0~dfsg/res/res_stir_shaken/stir_shaken.c:70:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int wordlen = strlen(word);
data/asterisk-16.15.0~dfsg/res/res_timing_dahdi.c:206:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(100);
data/asterisk-16.15.0~dfsg/res/res_timing_pthread.c:368:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	res = read(timer->pipe[PIPE_READ], &buffer, sizeof(buffer));
data/asterisk-16.15.0~dfsg/res/res_timing_timerfd.c:152:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		read_result = read(timer->fd, &expirations, sizeof(expirations));
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:1047:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = strlen(mid) - 1; i >= 0; i--) {
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:1149:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		iks_insert_cdata(iks_insert(field_node_type, "value"), node_type, strlen(node_type));
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:1169:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				 strlen(collection_name));
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:1309:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	iks_insert_cdata(iks_insert(mailbox_node, "NEWMSGS"), newmsgs, strlen(newmsgs));
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:1310:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	iks_insert_cdata(iks_insert(mailbox_node, "OLDMSGS"), oldmsgs, strlen(oldmsgs));
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:1349:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	iks_insert_cdata(state, device_state, strlen(device_state));
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2052:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (jid.argc < 1 || jid.argc > 2 || strlen(args.jid) > XMPP_MAX_JIDLEN) {
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2067:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	jidlen = strlen(jid.screenname);
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2068:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	resourcelen = ast_strlen_zero(jid.resource) ? 0 : strlen(jid.resource);
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2116:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (!resource || strlen(resource) == 0) {
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2191:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!from || !strncasecmp(from, message->from, strlen(from))) {
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2198:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!from || !strncasecmp(from, message->from, strlen(from))) {
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2412:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	iks_insert_cdata(priority, priorityS, strlen(priorityS));
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2585:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int len = strlen(message);
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2610:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char msg[91 + strlen(namespace) + 6 + strlen(to) + 16 + 1];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2610:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char msg[91 + strlen(namespace) + 6 + strlen(to) + 16 + 1];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2779:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int features, len = strlen(client->jid->user) + strlen(cfg->password) + 3;
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:2779:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int features, len = strlen(client->jid->user) + strlen(cfg->password) + 3;
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:3572:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(attr, strlen("xmlns:") + (strlen(node_name) - strlen(aux)), "xmlns:%s", node_name);
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:3572:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(attr, strlen("xmlns:") + (strlen(node_name) - strlen(aux)), "xmlns:%s", node_name);
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:3572:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(attr, strlen("xmlns:") + (strlen(node_name) - strlen(aux)), "xmlns:%s", node_name);
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:3973:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char resource[strlen(cfg->user) + strlen("/asterisk-xmpp") + 1];
data/asterisk-16.15.0~dfsg/res/res_xmpp.c:3973:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char resource[strlen(cfg->user) + strlen("/asterisk-xmpp") + 1];
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:281:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:288:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:294:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:300:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:313:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:321:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:328:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:342:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:349:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:355:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:360:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:365:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:374:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:384:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:391:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:397:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:423:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:430:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:437:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:444:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:451:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:482:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(string_ret);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:564:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*var_len = strlen(tech->type);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:567:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*var_len = strlen(tech->description);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:663:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*var_len = strlen(ast_config_AST_SOCKET);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:707:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			*var_len = strlen(ret_buf);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:754:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*var_len = strlen(ret_buf);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:765:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*var_len = strlen(ret_buf);
data/asterisk-16.15.0~dfsg/res/snmp/agent.c:808:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*var_len = strlen(version);
data/asterisk-16.15.0~dfsg/res/stasis/app.c:125:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	forwards = ao2_t_alloc(sizeof(*forwards) + strlen(id) + 1, forwards_dtor, id);
data/asterisk-16.15.0~dfsg/res/stasis/app.c:289:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(object_left->id, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/stasis/app.c:303:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t size = strlen("stasis-") + strlen(app->name) + 1;
data/asterisk-16.15.0~dfsg/res/stasis/app.c:303:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t size = strlen("stasis-") + strlen(app->name) + 1;
data/asterisk-16.15.0~dfsg/res/stasis/app.c:960:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t context_size = strlen("stasis-") + strlen(name) + 1;
data/asterisk-16.15.0~dfsg/res/stasis/app.c:960:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t context_size = strlen("stasis-") + strlen(name) + 1;
data/asterisk-16.15.0~dfsg/res/stasis/app.c:970:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size = sizeof(*app) + strlen(name) + 1;
data/asterisk-16.15.0~dfsg/res/stasis/app.c:1044:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(app->name, name, size - sizeof(*app));
data/asterisk-16.15.0~dfsg/res/stasis/control.c:456:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size = sizeof(*move_data) + strlen(app_name) + 1;
data/asterisk-16.15.0~dfsg/res/stasis/control.c:459:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size += strlen(app_args) + 1;
data/asterisk-16.15.0~dfsg/res/stasis/control.c:470:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		move_data->app_args = move_data->app_name + strlen(app_name) + 1;
data/asterisk-16.15.0~dfsg/res/stasis/control.c:524:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(dtmf_data->before * 1000);
data/asterisk-16.15.0~dfsg/res/stasis/control.c:530:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(dtmf_data->after * 1000);
data/asterisk-16.15.0~dfsg/res/stasis/control.c:569:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(dtmf_data = ast_calloc(1, sizeof(*dtmf_data) + strlen(dtmf) + 1))) {
data/asterisk-16.15.0~dfsg/res/stasis/control.c:1583:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	args = ast_malloc(sizeof(*args) + strlen(dialstring) + 1);
data/asterisk-16.15.0~dfsg/res/stasis/messaging.c:92:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t size = sizeof(*tuple) + strlen(app_name) + 1;
data/asterisk-16.15.0~dfsg/res/stasis/messaging.c:126:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t size = sizeof(*sub) + strlen(token) + 1;
data/asterisk-16.15.0~dfsg/res/stasis/messaging.c:179:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(object_left->token, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/stasis/messaging.c:230:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    || !strncasecmp(sub->token, buf, strlen(sub->token))
data/asterisk-16.15.0~dfsg/res/stasis/messaging.c:231:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    || !strncasecmp(sub->token, buf, strlen(sub->token))) {
data/asterisk-16.15.0~dfsg/res/stasis/messaging.c:311:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    || !strncasecmp(sub->token, buf, strlen(sub->token))) {
data/asterisk-16.15.0~dfsg/res/stasis_recording/stored.c:240:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cmp = strncmp(object_left->name, right_key, strlen(right_key));
data/asterisk-16.15.0~dfsg/res/stasis_recording/stored.c:284:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		recording->file + strlen(ast_config_AST_RECORDING_DIR) + 1);
data/asterisk-16.15.0~dfsg/res/stasis_recording/stored.c:324:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int prefix_len = strlen(ast_config_AST_RECORDING_DIR);
data/asterisk-16.15.0~dfsg/res/stasis_recording/stored.c:359:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		prefix_len = strlen(real_basedir);
data/asterisk-16.15.0~dfsg/tests/test_aoc.c:95:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(ast_str_buffer(msg)))) {
data/asterisk-16.15.0~dfsg/tests/test_aoc.c:190:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(ast_str_buffer(msg)))) {
data/asterisk-16.15.0~dfsg/tests/test_aoc.c:231:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(ast_str_buffer(msg)))) {
data/asterisk-16.15.0~dfsg/tests/test_aoc.c:263:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(ast_str_buffer(msg)))) {
data/asterisk-16.15.0~dfsg/tests/test_aoc.c:294:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(ast_str_buffer(msg)))) {
data/asterisk-16.15.0~dfsg/tests/test_astobj2_thrash.c:216:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(COUNT_SLEEP_US);
data/asterisk-16.15.0~dfsg/tests/test_astobj2_weaken.c:277:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	struct weakproxy_str *weak = ao2_weakproxy_alloc(sizeof(*weak) + strlen(value) + 1, NULL);
data/asterisk-16.15.0~dfsg/tests/test_dns.c:295:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define DNS_ANSWER_SIZE strlen(DNS_ANSWER)
data/asterisk-16.15.0~dfsg/tests/test_dns_query_set.c:76:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define DNS_ANSWER_SIZE strlen(DNS_ANSWER)
data/asterisk-16.15.0~dfsg/tests/test_dns_recurring.c:81:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define DNS_ANSWER_SIZE strlen(DNS_ANSWER)
data/asterisk-16.15.0~dfsg/tests/test_file.c:122:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char *full_path = ast_alloca(strlen(dir_name) + strlen(filename) + 2);
data/asterisk-16.15.0~dfsg/tests/test_file.c:122:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char *full_path = ast_alloca(strlen(dir_name) + strlen(filename) + 2);
data/asterisk-16.15.0~dfsg/tests/test_func_file.c:298:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (fwrite(read_tests[i].contents, 1, strlen(read_tests[i].contents), fh) < strlen(read_tests[i].contents)) {
data/asterisk-16.15.0~dfsg/tests/test_func_file.c:298:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (fwrite(read_tests[i].contents, 1, strlen(read_tests[i].contents), fh) < strlen(read_tests[i].contents)) {
data/asterisk-16.15.0~dfsg/tests/test_func_file.c:333:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (fwrite(write_tests[i].contents, 1, strlen(write_tests[i].contents), fh) < strlen(write_tests[i].contents)) {
data/asterisk-16.15.0~dfsg/tests/test_func_file.c:333:81:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (fwrite(write_tests[i].contents, 1, strlen(write_tests[i].contents), fh) < strlen(write_tests[i].contents)) {
data/asterisk-16.15.0~dfsg/tests/test_hashtab_thrash.c:212:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(1);
data/asterisk-16.15.0~dfsg/tests/test_json.c:1199:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uut = ast_json_load_buf(str, strlen("{ \"one\": 1 }"), NULL);
data/asterisk-16.15.0~dfsg/tests/test_linkedlists.c:82:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(expect);
data/asterisk-16.15.0~dfsg/tests/test_linkedlists.c:92:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (len != strlen(str)) {
data/asterisk-16.15.0~dfsg/tests/test_locale.c:111:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		locallen = strlen(localformat) + 1;
data/asterisk-16.15.0~dfsg/tests/test_locale.c:112:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		namelen = strlen(dent->d_name) + 1;
data/asterisk-16.15.0~dfsg/tests/test_named_lock.c:50:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(3000000);
data/asterisk-16.15.0~dfsg/tests/test_named_lock.c:92:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(1000000);
data/asterisk-16.15.0~dfsg/tests/test_res_pjsip_scheduler.c:73:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(M2U(test->sleep));
data/asterisk-16.15.0~dfsg/tests/test_res_pjsip_scheduler.c:214:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(M2U(*sleep));
data/asterisk-16.15.0~dfsg/tests/test_res_pjsip_scheduler.c:256:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(M2U(interval * 0.5));
data/asterisk-16.15.0~dfsg/tests/test_res_pjsip_scheduler.c:259:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(M2U(interval * 0.6));
data/asterisk-16.15.0~dfsg/tests/test_res_pjsip_scheduler.c:262:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(M2U(*sleep));
data/asterisk-16.15.0~dfsg/tests/test_res_pjsip_scheduler.c:307:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(M2U(interval * 0.5));
data/asterisk-16.15.0~dfsg/tests/test_res_pjsip_scheduler.c:318:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(M2U(interval));
data/asterisk-16.15.0~dfsg/tests/test_res_pjsip_scheduler.c:377:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(M2U(test_data1->interval));
data/asterisk-16.15.0~dfsg/tests/test_res_pjsip_scheduler.c:389:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(M2U(test_data1->interval * 2));
data/asterisk-16.15.0~dfsg/tests/test_sched.c:239:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(50 * 1000);/* Ensure that all the immediate entries are ready to expire */
data/asterisk-16.15.0~dfsg/tests/test_sched.c:246:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep((DELAYED_SAME_EXPIRE + 50) * 1000);/* Ensure that all the delayed entries are ready to expire */
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:129:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data = ao2_alloc(strlen(expected) + 1, NULL);
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:1847:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data = ao2_alloc(strlen(expected) + 1, NULL);
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:1880:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data = ao2_alloc(strlen(expected_text) + 1, NULL);
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:1918:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data = ao2_alloc(strlen(expected) + 1, NULL);
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:1951:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data = ao2_alloc(strlen(expected_text) + 1, NULL);
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:2213:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ao2_alloc(sizeof(*test_data) + (data ? strlen(data) : strlen("no data")) + 1, NULL);
data/asterisk-16.15.0~dfsg/tests/test_stasis.c:2213:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ao2_alloc(sizeof(*test_data) + (data ? strlen(data) : strlen("no data")) + 1, NULL);
data/asterisk-16.15.0~dfsg/tests/test_stringfields.c:112:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (AST_STRING_FIELD_ALLOCATION(test_struct.string1) != strlen("elephant") + 1) {
data/asterisk-16.15.0~dfsg/tests/test_stringfields.c:114:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				AST_STRING_FIELD_ALLOCATION(test_struct.string1), (unsigned long) strlen("elephant") + 1);
data/asterisk-16.15.0~dfsg/tests/test_stringfields.c:120:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (AST_STRING_FIELD_ALLOCATION(test_struct.string2) != strlen("hippopotamus") + 1) {
data/asterisk-16.15.0~dfsg/tests/test_stringfields.c:122:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				AST_STRING_FIELD_ALLOCATION(test_struct.string2), (unsigned long) strlen("hippopotamus") + 1);
data/asterisk-16.15.0~dfsg/tests/test_stringfields.c:147:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (AST_STRING_FIELD_ALLOCATION(test_struct.string1) != strlen("elephant") + 1) {
data/asterisk-16.15.0~dfsg/tests/test_stringfields.c:173:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (AST_STRING_FIELD_ALLOCATION(test_struct.string1) != strlen("elephant") + 1) {
data/asterisk-16.15.0~dfsg/tests/test_stringfields.c:198:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (AST_STRING_FIELD_ALLOCATION(test_struct.string1) != strlen("elephant") + 1) {
data/asterisk-16.15.0~dfsg/tests/test_stringfields.c:217:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (AST_STRING_FIELD_ALLOCATION(test_struct.string2) != strlen("hippopotamus face") + 1) {
data/asterisk-16.15.0~dfsg/tests/test_stringfields.c:219:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				(unsigned long) strlen("hippopotamus face"), AST_STRING_FIELD_ALLOCATION(test_struct.string2) + 1);
data/asterisk-16.15.0~dfsg/tests/test_stringfields.c:251:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (AST_STRING_FIELD_ALLOCATION(test_struct.string1) != strlen(LONG_STRING) + 1) {
data/asterisk-16.15.0~dfsg/tests/test_stringfields.c:253:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				AST_STRING_FIELD_ALLOCATION(test_struct.string1), (unsigned long) strlen(LONG_STRING) + 1);
data/asterisk-16.15.0~dfsg/tests/test_strings.c:70:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(string_limit_cat, long_string2, string_limit);
data/asterisk-16.15.0~dfsg/tests/test_substitution.c:319:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			if (acf->read && acf->read2) {
data/asterisk-16.15.0~dfsg/tests/test_taskprocessor.c:94:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(task_data->wait_time * 1000);
data/asterisk-16.15.0~dfsg/tests/test_time.c:101:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(1100000);
data/asterisk-16.15.0~dfsg/tests/test_utils.c:294:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ast_base64encode(tmp, (unsigned char *)tests[i].input, strlen(tests[i].input), sizeof(tmp));
data/asterisk-16.15.0~dfsg/tests/test_utils.c:473:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
	strncpy(path, "/tmp/nor_should_this", sizeof(path));
data/asterisk-16.15.0~dfsg/tests/test_utils.c:483:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
	strncpy(path, "/tmp/work", sizeof(path));
data/asterisk-16.15.0~dfsg/tests/test_uuid.c:55:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(uuid_str) != (AST_UUID_STR_LEN - 1)) {
data/asterisk-16.15.0~dfsg/tests/test_uuid.c:85:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(uuid_str) != (AST_UUID_STR_LEN - 1)) {
data/asterisk-16.15.0~dfsg/utils/ael_main.c:84:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(x->name, name, sizeof(x->name) - 1);
data/asterisk-16.15.0~dfsg/utils/ael_main.c:214:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(cp2,cp1,AST_MAX_EXTENSION); /* Right now, this routine is ONLY being called for
data/asterisk-16.15.0~dfsg/utils/ael_main.c:328:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(x->name, name, sizeof(x->name) - 1);
data/asterisk-16.15.0~dfsg/utils/ael_main.c:329:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(x->registrar, registrar, sizeof(x->registrar) - 1);
data/asterisk-16.15.0~dfsg/utils/ael_main.c:343:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(x->name, name, sizeof(x->name) - 1);
data/asterisk-16.15.0~dfsg/utils/ael_main.c:344:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(x->registrar, registrar, sizeof(x->registrar) - 1);
data/asterisk-16.15.0~dfsg/utils/ael_main.c:377:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(x->name2, data, 99);
data/asterisk-16.15.0~dfsg/utils/ael_main.c:521:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(config_dir, ".");
data/asterisk-16.15.0~dfsg/utils/astcanary.c:118:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (write(fd, explanation, strlen(explanation)) < 0) {
data/asterisk-16.15.0~dfsg/utils/astdb2bdb.c:54:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	key.size = strlen(values[0]) + 1;
data/asterisk-16.15.0~dfsg/utils/astdb2bdb.c:56:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	value.size = strlen(values[1]) + 1;
data/asterisk-16.15.0~dfsg/utils/astdb2sqlite3.c:209:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!(dbname = alloca(strlen(argv[1]) + sizeof(".sqlite3")))) {
data/asterisk-16.15.0~dfsg/utils/astman.c:120:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(chan->name, name, sizeof(chan->name) - 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:149:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (write(fd, stuff, strlen(stuff)) < 0) {
data/asterisk-16.15.0~dfsg/utils/astman.c:160:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strncasecmp(cmp, m->headers[x], strlen(cmp)))
data/asterisk-16.15.0~dfsg/utils/astman.c:161:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			return m->headers[x] + strlen(cmp);
data/asterisk-16.15.0~dfsg/utils/astman.c:169:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(chan->state, get_header(m, "State"), sizeof(chan->state) - 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:177:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(chan->exten, get_header(m, "Extension"), sizeof(chan->exten) - 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:178:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(chan->context, get_header(m, "Context"), sizeof(chan->context) - 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:179:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(chan->priority, get_header(m, "Priority"), sizeof(chan->priority) - 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:187:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(chan->state, get_header(m, "State"), sizeof(chan->state) - 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:188:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(chan->callerid, get_header(m, "Callerid"), sizeof(chan->callerid) - 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:196:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(chan->state, get_header(m, "State"), sizeof(chan->state) - 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:197:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(chan->callerid, get_header(m, "Callerid"), sizeof(chan->callerid) - 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:198:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(chan->exten, get_header(m, "Extension"), sizeof(chan->exten) - 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:199:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(chan->context, get_header(m, "Context"), sizeof(chan->context) - 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:200:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(chan->priority, get_header(m, "Priority"), sizeof(chan->priority) - 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:219:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(chan->name, get_header(m, "Newname"), sizeof(chan->name) - 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:253:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(event, get_header(m, "Event"), sizeof(event) - 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:254:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!strlen(event)) {
data/asterisk-16.15.0~dfsg/utils/astman.c:286:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(chan->exten))
data/asterisk-16.15.0~dfsg/utils/astman.c:339:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		res = read(s->fd, s->inbuf + s->inlen, sizeof(s->inbuf) - 1 - s->inlen);
data/asterisk-16.15.0~dfsg/utils/astman.c:363:4:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			fgetc(stdin);
data/asterisk-16.15.0~dfsg/utils/astman.c:366:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(m.headers[m.hdrcount]) < 2)
data/asterisk-16.15.0~dfsg/utils/astman.c:368:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			m.headers[m.hdrcount][strlen(m.headers[m.hdrcount]) - 2] = '\0';
data/asterisk-16.15.0~dfsg/utils/astman.c:369:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!strlen(m.headers[m.hdrcount])) {
data/asterisk-16.15.0~dfsg/utils/astman.c:370:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (mout && strlen(get_header(&m, "Response"))) {
data/asterisk-16.15.0~dfsg/utils/astman.c:422:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((res = write(s->fd, tmp, strlen(tmp))) < 0) {
data/asterisk-16.15.0~dfsg/utils/astman.c:518:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(buf, input, buflen - 1);
data/asterisk-16.15.0~dfsg/utils/astman.c:710:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				MD5Update(&md5, (unsigned char *)challenge, strlen(challenge));
data/asterisk-16.15.0~dfsg/utils/astman.c:711:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				MD5Update(&md5, (unsigned char *)pass, strlen(pass));
data/asterisk-16.15.0~dfsg/utils/check_expr.c:271:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
				strncpy(varname,cp+2, xp-cp-2);
data/asterisk-16.15.0~dfsg/utils/check_expr.c:334:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((c1 = fgetc(f)) != EOF) {
data/asterisk-16.15.0~dfsg/utils/check_expr.c:345:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				while ((c1 = fgetc(f)) != EOF) {
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:381:8:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
							strcpy(timerange, "*");
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:393:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
							strcat(timerange,"-");
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:398:8:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
							strcpy(dowrange, "*");
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:402:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
							strcat(dowrange,"-");
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:407:8:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
							strcpy(monrange, "*");
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:411:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
							strcat(monrange,"-");
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:416:8:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
							strcpy(domrange, "*");
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:422:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
							strcat(domrange,"-");
data/asterisk-16.15.0~dfsg/utils/conf2ael.c:555:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(cp2,cp1,AST_MAX_EXTENSION); /* Right now, this routine is ONLY being called for
data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_open.c:221:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((nr = read(t->bt_fd, &m, sizeof(BTMETA))) < 0)
data/asterisk-16.15.0~dfsg/utils/db1-ast/btree/bt_open.c:401:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen (envtmp) + sizeof fmt;
data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/hash.c:145:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		hdrsize = read(hashp->fp, &hashp->hdr, sizeof(HASHHDR));
data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/hash_page.c:540:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    ((rsize = read(fd, p, size)) == -1))
data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/hsearch.c:79:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	key.size = strlen(item.key) + 1;
data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/hsearch.c:83:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		val.size = strlen(item.data) + 1;
data/asterisk-16.15.0~dfsg/utils/db1-ast/hash/ndbm.c:67:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	const size_t len = strlen(file) + sizeof (DBM_SUFFIX);
data/asterisk-16.15.0~dfsg/utils/db1-ast/mpool/mpool.c:220:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if ((u_long) (nr = read(mp->fd, bp->page, mp->pagesize))
data/asterisk-16.15.0~dfsg/utils/db1-ast/recno/rec_get.c:146:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			if ((ch = getc(t->bt_rfp)) == EOF || !--len) {
data/asterisk-16.15.0~dfsg/utils/db1-ast/recno/rec_get.c:193:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			if ((ch = getc(t->bt_rfp)) == EOF || ch == bval) {
data/asterisk-16.15.0~dfsg/utils/extconf.c:352:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
				usleep(200);
data/asterisk-16.15.0~dfsg/utils/extconf.c:739:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int rem = comment_buffer_size - strlen(comment_buffer) - 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:740:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int siz = strlen(str);
data/asterisk-16.15.0~dfsg/utils/extconf.c:752:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int cbl = strlen(comment_buffer) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:760:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(comment_buffer,str,len); /* safe */
data/asterisk-16.15.0~dfsg/utils/extconf.c:766:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int rem = lline_buffer_size - strlen(lline_buffer) - 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:767:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int siz = strlen(str);
data/asterisk-16.15.0~dfsg/utils/extconf.c:879:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	struct ast_comment *x = ast_calloc(1,sizeof(struct ast_comment)+strlen(buffer)+1);
data/asterisk-16.15.0~dfsg/utils/extconf.c:993:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		work += strlen(work) - 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:1059:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int name_len = strlen(name) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:1060:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t value_len = strlen(value) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:1061:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t filename_len = strlen(filename) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:1117:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int from_len = strlen(from_file);
data/asterisk-16.15.0~dfsg/utils/extconf.c:1118:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int to_len = strlen(to_file);
data/asterisk-16.15.0~dfsg/utils/extconf.c:2101:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	int (*read)(struct ast_channel *, const char *, char *, char *, size_t);	/*!< Read function, if read is supported */
data/asterisk-16.15.0~dfsg/utils/extconf.c:2459:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int name_len = strlen(name) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:2460:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int value_len = strlen(value) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:2512:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				memmove(scan, scan + 1, strlen(scan));
data/asterisk-16.15.0~dfsg/utils/extconf.c:2516:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				memmove(scan, scan + 1, strlen(scan));
data/asterisk-16.15.0~dfsg/utils/extconf.c:2537:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (name[strlen(name)-1] == ')') {
data/asterisk-16.15.0~dfsg/utils/extconf.c:3018:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					c = cur + strlen(cur) - 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:3189:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						memmove(comment_p - 1, comment_p, strlen(comment_p) + 1);
data/asterisk-16.15.0~dfsg/utils/extconf.c:3212:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								oldptr = process_buf + strlen(process_buf);
data/asterisk-16.15.0~dfsg/utils/extconf.c:3218:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								memmove(oldptr, new_buf, strlen(new_buf) + 1);
data/asterisk-16.15.0~dfsg/utils/extconf.c:4201:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int ld = strlen(data), lp = strlen(pattern);
data/asterisk-16.15.0~dfsg/utils/extconf.c:4201:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int ld = strlen(data), lp = strlen(pattern);
data/asterisk-16.15.0~dfsg/utils/extconf.c:4513:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length += 2 * (strlen(value) + 1);
data/asterisk-16.15.0~dfsg/utils/extconf.c:4524:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p += strlen(value) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:4574:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length += strlen(value) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:4650:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length += strlen(value) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:4652:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length += strlen(data);
data/asterisk-16.15.0~dfsg/utils/extconf.c:4667:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p += strlen(value) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:4671:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p += strlen(data) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:4673:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(new_sw->data, "");
data/asterisk-16.15.0~dfsg/utils/extconf.c:4711:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int length = sizeof(struct ast_context) + strlen(name) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:4797:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length += strlen(extension) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:4798:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length += strlen(application) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:4800:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length += strlen(label) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:4802:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length += strlen(callerid) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:4817:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p += strlen(label) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:4820:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p += ext_strncpy(p, extension, strlen(extension) + 1) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:4824:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p += ext_strncpy(p, callerid, strlen(callerid) + 1) + 1;
data/asterisk-16.15.0~dfsg/utils/extconf.c:5048:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	lr = strlen(ret); /* compute length after copy, so we never go out of the workspace */
data/asterisk-16.15.0~dfsg/utils/extconf.c:5166:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pos = strlen(whereweare);
data/asterisk-16.15.0~dfsg/utils/extconf.c:5260:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				length = strlen(cp4);
data/asterisk-16.15.0~dfsg/utils/frame.c:338:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (parsetime(args[i] + 1 + strlen( string), result))
data/asterisk-16.15.0~dfsg/utils/frame.c:434:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	result = malloc( strlen( args[i]) + 1);
data/asterisk-16.15.0~dfsg/utils/frame.c:447:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp( found, wanted, strlen( wanted)) == 0)
data/asterisk-16.15.0~dfsg/utils/frame.c:449:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (found[strlen( wanted)] == '\0')
data/asterisk-16.15.0~dfsg/utils/frame.c:463:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (args[i][strlen( string) + 1] == '\0')
data/asterisk-16.15.0~dfsg/utils/frame.c:478:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      switch (sscanf(args[i] + 1 + strlen( string),
data/asterisk-16.15.0~dfsg/utils/frame.c:513:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      switch (sscanf(args[i] + 1 + strlen( string), "%30lf%1c", &temp, &end))
data/asterisk-16.15.0~dfsg/utils/frame.c:547:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      switch (sscanf(args[i] + 1 + strlen( string),
data/asterisk-16.15.0~dfsg/utils/frame.c:910:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	 strncmp( args[i] + 1, s, strlen( s)) == 0)
data/asterisk-16.15.0~dfsg/utils/frame.c:1042:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = malloc( strlen( string) + 1);
data/asterisk-16.15.0~dfsg/utils/frame.c:1053:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = malloc( strlen( one) + strlen( two) + 1);
data/asterisk-16.15.0~dfsg/utils/frame.c:1053:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = malloc( strlen( one) + strlen( two) + 1);
data/asterisk-16.15.0~dfsg/utils/muted.c:144:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			while(strlen(buf) && (buf[strlen(buf) - 1] < 33))
data/asterisk-16.15.0~dfsg/utils/muted.c:144:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			while(strlen(buf) && (buf[strlen(buf) - 1] < 33))
data/asterisk-16.15.0~dfsg/utils/muted.c:145:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				buf[strlen(buf) - 1] = '\0';
data/asterisk-16.15.0~dfsg/utils/muted.c:146:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!strlen(buf))
data/asterisk-16.15.0~dfsg/utils/muted.c:160:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (val && strlen(val))
data/asterisk-16.15.0~dfsg/utils/muted.c:161:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
					strncpy(host, val, sizeof(host) - 1);
data/asterisk-16.15.0~dfsg/utils/muted.c:165:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (val && strlen(val))
data/asterisk-16.15.0~dfsg/utils/muted.c:170:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (val && strlen(val))
data/asterisk-16.15.0~dfsg/utils/muted.c:182:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (val && strlen(val)) {
data/asterisk-16.15.0~dfsg/utils/muted.c:198:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!strlen(host))
data/asterisk-16.15.0~dfsg/utils/muted.c:200:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else if (!strlen(user))
data/asterisk-16.15.0~dfsg/utils/muted.c:273:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		while(strlen(buf) && (buf[strlen(buf) - 1] < 33))
data/asterisk-16.15.0~dfsg/utils/muted.c:273:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		while(strlen(buf) && (buf[strlen(buf) - 1] < 33))
data/asterisk-16.15.0~dfsg/utils/muted.c:274:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			buf[strlen(buf) - 1] = '\0';
data/asterisk-16.15.0~dfsg/utils/muted.c:302:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	while((resp = get_line()) && strlen(resp));
data/asterisk-16.15.0~dfsg/utils/muted.c:318:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	while((resp = get_line()) && strlen(resp));
data/asterisk-16.15.0~dfsg/utils/muted.c:331:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(tmp, channel, sizeof(tmp) - 1);
data/asterisk-16.15.0~dfsg/utils/muted.c:493:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(10000);
data/asterisk-16.15.0~dfsg/utils/muted.c:539:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
			usleep(10000);
data/asterisk-16.15.0~dfsg/utils/muted.c:641:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!strncasecmp(resp, "Event: ", strlen("Event: "))) {
data/asterisk-16.15.0~dfsg/utils/muted.c:647:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		event_len = snprintf(event, sizeof(event), "%s", resp + strlen("Event: "));
data/asterisk-16.15.0~dfsg/utils/muted.c:649:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		while((resp = get_line()) && strlen(resp)) {
data/asterisk-16.15.0~dfsg/utils/muted.c:650:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!strncasecmp(resp, "Channel: ", strlen("Channel: ")))
data/asterisk-16.15.0~dfsg/utils/muted.c:651:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				channel_len = snprintf(channel, sizeof(channel), "%s", resp + strlen("Channel: "));
data/asterisk-16.15.0~dfsg/utils/muted.c:652:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!strncasecmp(resp, "Newname: ", strlen("Newname: ")))
data/asterisk-16.15.0~dfsg/utils/muted.c:653:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				newname_len = snprintf(newname, sizeof(newname), "%s", resp + strlen("Newname: "));
data/asterisk-16.15.0~dfsg/utils/muted.c:654:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!strncasecmp(resp, "Oldname: ", strlen("Oldname: ")))
data/asterisk-16.15.0~dfsg/utils/muted.c:655:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				oldname_len = snprintf(oldname, sizeof(oldname), "%s", resp + strlen("Oldname: "));
data/asterisk-16.15.0~dfsg/utils/muted.c:657:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (channel_len == strlen(channel)) {
data/asterisk-16.15.0~dfsg/utils/muted.c:658:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (event_len == strlen(event) && !strcasecmp(event, "Hangup"))
data/asterisk-16.15.0~dfsg/utils/muted.c:663:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (newname_len == strlen(newname) && oldname_len == strlen(oldname)) {
data/asterisk-16.15.0~dfsg/utils/muted.c:663:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (newname_len == strlen(newname) && oldname_len == strlen(oldname)) {
data/asterisk-16.15.0~dfsg/utils/muted.c:664:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (event_len == strlen(event) && !strcasecmp(event, "Rename")) {
data/asterisk-16.15.0~dfsg/utils/muted.c:671:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		while((resp = get_line()) && strlen(resp));
data/asterisk-16.15.0~dfsg/utils/smsq.c:107:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int ql = strlen (queue), qfl = ql;
data/asterisk-16.15.0~dfsg/utils/smsq.c:204:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int ql = strlen (queue);
data/asterisk-16.15.0~dfsg/utils/smsq.c:564:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if (da && strlen (da) > 20)
data/asterisk-16.15.0~dfsg/utils/smsq.c:569:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if (oa && strlen (oa) > 20)
data/asterisk-16.15.0~dfsg/utils/smsq.c:574:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if (queue && strlen (queue) > 20)
data/asterisk-16.15.0~dfsg/utils/smsq.c:637:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      n = read (f, dat, sizeof (dat));
data/asterisk-16.15.0~dfsg/utils/streamplayer.c:108:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		res = read(s, buf, sizeof(buf));

ANALYSIS SUMMARY:

Hits = 9882
Lines analyzed = 1162395 in approximately 32.25 seconds (36043 lines/second)
Physical Source Lines of Code (SLOC) = 770135
Hits@level = [0] 4298 [1] 3058 [2] 5816 [3]  57 [4] 937 [5]  14
Hits@level+ = [0+] 14180 [1+] 9882 [2+] 6824 [3+] 1008 [4+] 951 [5+]  14
Hits/KSLOC@level+ = [0+] 18.4124 [1+] 12.8315 [2+] 8.86078 [3+] 1.30886 [4+] 1.23485 [5+] 0.0181786
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.