Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bzrtp-4.4.0/include/MSVC/stdint.h
Examining data/bzrtp-4.4.0/include/bzrtp/bzrtp.h
Examining data/bzrtp-4.4.0/include/cryptoUtils.h
Examining data/bzrtp-4.4.0/include/packetParser.h
Examining data/bzrtp-4.4.0/include/stateMachine.h
Examining data/bzrtp-4.4.0/include/typedef.h
Examining data/bzrtp-4.4.0/include/zidCache.h
Examining data/bzrtp-4.4.0/src/bzrtp.c
Examining data/bzrtp-4.4.0/src/cryptoUtils.c
Examining data/bzrtp-4.4.0/src/packetParser.c
Examining data/bzrtp-4.4.0/src/pgpwords.c
Examining data/bzrtp-4.4.0/src/stateMachine.c
Examining data/bzrtp-4.4.0/src/zidCache.c
Examining data/bzrtp-4.4.0/test/bzrtpConfigsTest.c
Examining data/bzrtp-4.4.0/test/bzrtpCryptoTest.c
Examining data/bzrtp-4.4.0/test/bzrtpParserTest.c
Examining data/bzrtp-4.4.0/test/bzrtpTest.c
Examining data/bzrtp-4.4.0/test/bzrtpTest.h
Examining data/bzrtp-4.4.0/test/bzrtpZidCacheTest.c
Examining data/bzrtp-4.4.0/test/testUtils.c
Examining data/bzrtp-4.4.0/test/testUtils.h
FINAL RESULTS:
data/bzrtp-4.4.0/include/typedef.h:57:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/bzrtp-4.4.0/include/typedef.h:57:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/bzrtp-4.4.0/src/bzrtp.c:950:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)output, ZRTP_VERSION);
data/bzrtp-4.4.0/test/bzrtpTest.c:31:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(lev == BCTBX_LOG_ERROR ? stderr : stdout, fmt, args);
data/bzrtp-4.4.0/test/bzrtpTest.c:36:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(lev == BCTBX_LOG_ERROR ? stderr : stdout, fmt, cap);
data/bzrtp-4.4.0/test/bzrtpTest.c:112:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prefix, "%s%.*s", argv[0][0] == '/' ? "" : "./", prefix_length, argv[0]);
data/bzrtp-4.4.0/test/bzrtpZidCacheTest.c:120:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(patternFilename, "%s/patternZIDAlice.sqlite", resource_dir);
data/bzrtp-4.4.0/test/bzrtpZidCacheTest.c:166:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(patternFilename, "%s/patternZIDAlice.sqlite", resource_dir);
data/bzrtp-4.4.0/test/bzrtpConfigsTest.c:732:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned int)time(NULL));
data/bzrtp-4.4.0/include/bzrtp/bzrtp.h:491:68: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
BZRTP_EXPORT BZRTP_DEPRECATED int bzrtp_getSelfZID(void *db, const char *selfURI, uint8_t selfZID[12], bctbx_rng_context_t *RNGContext);
data/bzrtp-4.4.0/include/bzrtp/bzrtp.h:508:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
BZRTP_EXPORT int bzrtp_getSelfZID_lock(void *db, const char *selfURI, uint8_t selfZID[12], bctbx_rng_context_t *RNGContext, bctbx_mutex_t *zidCacheMutex);
data/bzrtp-4.4.0/include/zidCache.h:56:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
BZRTP_EXPORT int bzrtp_cache_getZuid(void *dbPointer, const char *selfURI, const char *peerURI, const uint8_t peerZID[12], const uint8_t insertFlag, int *zuid, bctbx_mutex_t *zidCacheMutex);
data/bzrtp-4.4.0/include/zidCache.h:56:82: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
BZRTP_EXPORT int bzrtp_cache_getZuid(void *dbPointer, const char *selfURI, const char *peerURI, const uint8_t peerZID[12], const uint8_t insertFlag, int *zuid, bctbx_mutex_t *zidCacheMutex);
data/bzrtp-4.4.0/src/bzrtp.c:992:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpContext->transientAuxSecret, auxSecret, auxSecretLength);
data/bzrtp-4.4.0/src/cryptoUtils.c:141:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(input+index, label, labelLength);
data/bzrtp-4.4.0/src/cryptoUtils.c:148:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(input+index, context, contextLength);
data/bzrtp-4.4.0/src/cryptoUtils.c:744:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "S256", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:747:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "S384", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:750:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "N256", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:753:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "N384", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:756:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "AES1", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:759:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "AES2", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:762:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "AES3", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:765:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "2FS1", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:768:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "2FS2", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:771:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "2FS3", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:774:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "HS32", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:777:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "HS80", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:780:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "SK32", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:783:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "SK64", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:786:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "DH2k", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:789:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "X255", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:792:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "EC25", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:795:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "X448", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:798:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "DH3k", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:801:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "EC38", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:804:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "EC52", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:807:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "Prsh", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:810:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "Mult", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:813:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "B32 ", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:816:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "B256", 4);
data/bzrtp-4.4.0/src/cryptoUtils.c:819:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algoTypeString, "NSET", 4);
data/bzrtp-4.4.0/src/packetParser.c:227:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->version, messageContent, 4);
data/bzrtp-4.4.0/src/packetParser.c:229:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->clientIdentifier, messageContent, 16);
data/bzrtp-4.4.0/src/packetParser.c:232:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->H3, messageContent, 32);
data/bzrtp-4.4.0/src/packetParser.c:234:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->ZID, messageContent, 12);
data/bzrtp-4.4.0/src/packetParser.c:283:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->MAC, messageContent, 8);
data/bzrtp-4.4.0/src/packetParser.c:290:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpPacket->packetString, input, inputLength); /* store the whole packet even if we may use the message only */
data/bzrtp-4.4.0/src/packetParser.c:317:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->H2, messageContent, 32);
data/bzrtp-4.4.0/src/packetParser.c:341:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->ZID, messageContent, 12);
data/bzrtp-4.4.0/src/packetParser.c:382:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->nonce, messageContent, 16);
data/bzrtp-4.4.0/src/packetParser.c:387:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->keyID, messageContent, 8);
data/bzrtp-4.4.0/src/packetParser.c:391:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->hvi, messageContent, 32);
data/bzrtp-4.4.0/src/packetParser.c:396:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->MAC, messageContent, 8);
data/bzrtp-4.4.0/src/packetParser.c:401:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpPacket->packetString, input, inputLength); /* store the whole packet even if we may use the message only */
data/bzrtp-4.4.0/src/packetParser.c:423:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->H1, messageContent, 32);
data/bzrtp-4.4.0/src/packetParser.c:463:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(DHPartHelloMessageString, input+ZRTP_PACKET_HEADER_LENGTH, zrtpPacket->messageLength);
data/bzrtp-4.4.0/src/packetParser.c:464:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(DHPartHelloMessageString+zrtpPacket->messageLength, zrtpChannelContext->selfPackets[HELLO_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, HelloMessageLength);
data/bzrtp-4.4.0/src/packetParser.c:509:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->rs1ID, messageContent, 8);
data/bzrtp-4.4.0/src/packetParser.c:511:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->rs2ID, messageContent, 8);
data/bzrtp-4.4.0/src/packetParser.c:513:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->auxsecretID, messageContent, 8);
data/bzrtp-4.4.0/src/packetParser.c:515:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->pbxsecretID, messageContent, 8);
data/bzrtp-4.4.0/src/packetParser.c:517:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->pv, messageContent, pvLength);
data/bzrtp-4.4.0/src/packetParser.c:519:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->MAC, messageContent, 8);
data/bzrtp-4.4.0/src/packetParser.c:526:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpPacket->packetString, input, inputLength); /* store the whole packet even if we may use the message only */
data/bzrtp-4.4.0/src/packetParser.c:561:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->confirm_mac, messageContent, 8);
data/bzrtp-4.4.0/src/packetParser.c:563:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->CFBIV, messageContent, 16);
data/bzrtp-4.4.0/src/packetParser.c:585:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->H0, confirmPlainMessage, 32);
data/bzrtp-4.4.0/src/packetParser.c:688:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->signatureBlockType, confirmPlainMessage, 4);
data/bzrtp-4.4.0/src/packetParser.c:692:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->signatureBlock, confirmPlainMessage, 4*(messageData->sig_len-1));
data/bzrtp-4.4.0/src/packetParser.c:702:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpPacket->packetString, input, inputLength); /* store the whole packet even if we may use the message only */
data/bzrtp-4.4.0/src/packetParser.c:720:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->version, messageContent, 4);
data/bzrtp-4.4.0/src/packetParser.c:722:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageData->endpointHash, messageContent, 8);
data/bzrtp-4.4.0/src/packetParser.c:777:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->version, 4);
data/bzrtp-4.4.0/src/packetParser.c:779:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->clientIdentifier, 16);
data/bzrtp-4.4.0/src/packetParser.c:781:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->H3, 32);
data/bzrtp-4.4.0/src/packetParser.c:783:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->ZID, 12);
data/bzrtp-4.4.0/src/packetParser.c:874:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->H2, 32);
data/bzrtp-4.4.0/src/packetParser.c:876:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->ZID, 12);
data/bzrtp-4.4.0/src/packetParser.c:891:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->nonce, 16);
data/bzrtp-4.4.0/src/packetParser.c:896:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->keyID, 8);
data/bzrtp-4.4.0/src/packetParser.c:900:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->hvi, 32);
data/bzrtp-4.4.0/src/packetParser.c:937:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->H1, 32);
data/bzrtp-4.4.0/src/packetParser.c:939:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->rs1ID, 8);
data/bzrtp-4.4.0/src/packetParser.c:941:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->rs2ID, 8);
data/bzrtp-4.4.0/src/packetParser.c:943:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->auxsecretID, 8);
data/bzrtp-4.4.0/src/packetParser.c:945:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->pbxsecretID, 8);
data/bzrtp-4.4.0/src/packetParser.c:947:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->pv, pvLength);
data/bzrtp-4.4.0/src/packetParser.c:1004:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(plainMessageString, messageData->H0, 32);
data/bzrtp-4.4.0/src/packetParser.c:1017:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(plainMessageString+plainMessageStringIndex, messageData->signatureBlockType, 4);
data/bzrtp-4.4.0/src/packetParser.c:1020:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(plainMessageString+plainMessageStringIndex, messageData->signatureBlock, (messageData->sig_len-1)*4);
data/bzrtp-4.4.0/src/packetParser.c:1031:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->CFBIV, 16);
data/bzrtp-4.4.0/src/packetParser.c:1059:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->version, 4);
data/bzrtp-4.4.0/src/packetParser.c:1061:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->endpointHash, 8);
data/bzrtp-4.4.0/src/packetParser.c:1063:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(messageString, messageData->endpointHashReceived, 8);
data/bzrtp-4.4.0/src/packetParser.c:1138:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpHelloMessage->version, ZRTP_VERSION, 4);
data/bzrtp-4.4.0/src/packetParser.c:1141:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpHelloMessage->H3, zrtpChannelContext->selfH[3], 32);
data/bzrtp-4.4.0/src/packetParser.c:1142:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpHelloMessage->ZID, zrtpContext->selfZID, 12);
data/bzrtp-4.4.0/src/packetParser.c:1188:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpCommitMessage->H2, zrtpChannelContext->selfH[2], 32);
data/bzrtp-4.4.0/src/packetParser.c:1189:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpCommitMessage->ZID, zrtpContext->selfZID, 12);
data/bzrtp-4.4.0/src/packetParser.c:1216:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(DHPartHelloMessageString, zrtpChannelContext->selfPackets[DHPART_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, DHPartMessageLength);
data/bzrtp-4.4.0/src/packetParser.c:1217:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(DHPartHelloMessageString+DHPartMessageLength, zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, HelloMessageLength);
data/bzrtp-4.4.0/src/packetParser.c:1238:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpDHPartMessage->H1, zrtpChannelContext->selfH[1], 32);
data/bzrtp-4.4.0/src/packetParser.c:1241:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpDHPartMessage->rs1ID, zrtpContext->initiatorCachedSecretHash.rs1ID, 8);
data/bzrtp-4.4.0/src/packetParser.c:1242:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpDHPartMessage->rs2ID, zrtpContext->initiatorCachedSecretHash.rs2ID, 8);
data/bzrtp-4.4.0/src/packetParser.c:1243:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpDHPartMessage->auxsecretID, zrtpChannelContext->initiatorAuxsecretID, 8);
data/bzrtp-4.4.0/src/packetParser.c:1244:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpDHPartMessage->pbxsecretID, zrtpContext->initiatorCachedSecretHash.pbxsecretID, 8);
data/bzrtp-4.4.0/src/packetParser.c:1286:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpDHPartMessage->pv, DHMContext->self, zrtpChannelContext->keyAgreementLength);
data/bzrtp-4.4.0/src/packetParser.c:1313:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpDHPartMessage->pv, ECDHContext->selfPublic, zrtpChannelContext->keyAgreementLength);
data/bzrtp-4.4.0/src/packetParser.c:1337:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpConfirmMessage->H0, zrtpChannelContext->selfH[0], 32);
data/bzrtp-4.4.0/src/packetParser.c:1376:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpPingAckMessage->version,ZRTP_VERSION , 4); /* we support version 1.10 only, so no need to even check what was sent in the ping */
data/bzrtp-4.4.0/src/packetParser.c:1377:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpPingAckMessage->endpointHash, zrtpContext->selfZID, 8); /* as suggested in rfc section 5.16, use the truncated ZID as endPoint hash */
data/bzrtp-4.4.0/src/packetParser.c:1378:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpPingAckMessage->endpointHashReceived, pingMessage->endpointHash, 8);
data/bzrtp-4.4.0/src/packetParser.c:1599:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outputBuffer+4, messageType, 8);
data/bzrtp-4.4.0/src/stateMachine.c:566:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpChannelContext->peerH[1], dhPart1Message->H1, 32);
data/bzrtp-4.4.0/src/stateMachine.c:573:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (DHMContext->peer, dhPart1Message->pv, zrtpChannelContext->keyAgreementLength);
data/bzrtp-4.4.0/src/stateMachine.c:579:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ECDHContext->peerPublic, dhPart1Message->pv, zrtpChannelContext->keyAgreementLength);
data/bzrtp-4.4.0/src/stateMachine.c:602:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpChannelContext->peerH[0], confirm1Message->H0, 32);
data/bzrtp-4.4.0/src/stateMachine.c:874:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpChannelContext->peerH[1], dhPart2Message->H1, 32);
data/bzrtp-4.4.0/src/stateMachine.c:881:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (DHMContext->peer, dhPart2Message->pv, zrtpChannelContext->keyAgreementLength);
data/bzrtp-4.4.0/src/stateMachine.c:887:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ECDHContext->peerPublic, dhPart2Message->pv, zrtpChannelContext->keyAgreementLength);
data/bzrtp-4.4.0/src/stateMachine.c:1005:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpChannelContext->peerH[0], confirm1Packet->H0, 32);
data/bzrtp-4.4.0/src/stateMachine.c:1218:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpChannelContext->peerH[0], confirm2Packet->H0, 32);
data/bzrtp-4.4.0/src/stateMachine.c:1572:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpChannelContext->peerH[2], commitMessage->H2, 32); /* H2 */
data/bzrtp-4.4.0/src/stateMachine.c:1590:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpBuffer, zrtpChannelContext->initiatorAuxsecretID, 8);
data/bzrtp-4.4.0/src/stateMachine.c:1591:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpChannelContext->initiatorAuxsecretID, zrtpChannelContext->responderAuxsecretID, 8);
data/bzrtp-4.4.0/src/stateMachine.c:1592:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpChannelContext->responderAuxsecretID, tmpBuffer, 8);
data/bzrtp-4.4.0/src/stateMachine.c:1599:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(selfDHPart1Packet->rs1ID, zrtpContext->responderCachedSecretHash.rs1ID, 8);
data/bzrtp-4.4.0/src/stateMachine.c:1600:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(selfDHPart1Packet->rs2ID, zrtpContext->responderCachedSecretHash.rs2ID, 8);
data/bzrtp-4.4.0/src/stateMachine.c:1601:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(selfDHPart1Packet->auxsecretID, zrtpChannelContext->responderAuxsecretID, 8);
data/bzrtp-4.4.0/src/stateMachine.c:1602:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(selfDHPart1Packet->pbxsecretID, zrtpContext->responderCachedSecretHash.pbxsecretID, 8);
data/bzrtp-4.4.0/src/stateMachine.c:1683:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpContext->peerZID, helloMessage->ZID, 12); /* peer ZID */
data/bzrtp-4.4.0/src/stateMachine.c:1684:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpChannelContext->peerH[3], helloMessage->H3, 32); /* H3 */
data/bzrtp-4.4.0/src/stateMachine.c:1749:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpContext->cachedSecret.auxsecret + zrtpContext->cachedSecret.auxsecretLength, zrtpContext->transientAuxSecret, zrtpContext->transientAuxSecretLength);
data/bzrtp-4.4.0/src/stateMachine.c:1841:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, zrtpChannelContext->selfPackets[HELLO_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->selfPackets[HELLO_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/src/stateMachine.c:1843:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, zrtpChannelContext->peerPackets[COMMIT_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->peerPackets[COMMIT_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/src/stateMachine.c:1845:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, zrtpChannelContext->selfPackets[DHPART_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->selfPackets[DHPART_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/src/stateMachine.c:1847:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, zrtpChannelContext->peerPackets[DHPART_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->peerPackets[DHPART_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/src/stateMachine.c:1862:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/src/stateMachine.c:1864:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, zrtpChannelContext->selfPackets[COMMIT_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->selfPackets[COMMIT_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/src/stateMachine.c:1866:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, zrtpChannelContext->peerPackets[DHPART_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->peerPackets[DHPART_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/src/stateMachine.c:1868:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, zrtpChannelContext->selfPackets[DHPART_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->selfPackets[DHPART_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/src/stateMachine.c:1882:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpChannelContext->KDFContext, ZIDi, 12); /* ZIDi*/
data/bzrtp-4.4.0/src/stateMachine.c:1883:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpChannelContext->KDFContext+12, ZIDr, 12); /* ZIDr */
data/bzrtp-4.4.0/src/stateMachine.c:1884:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpChannelContext->KDFContext+24, totalHash, zrtpChannelContext->hashLength); /* total Hash*/
data/bzrtp-4.4.0/src/stateMachine.c:1921:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, DHMContext->key, zrtpChannelContext->keyAgreementLength);
data/bzrtp-4.4.0/src/stateMachine.c:1925:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, ECDHContext->sharedSecret, zrtpChannelContext->keyAgreementLength);
data/bzrtp-4.4.0/src/stateMachine.c:1929:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, "ZRTP-HMAC-KDF", 13);
data/bzrtp-4.4.0/src/stateMachine.c:1932:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, zrtpChannelContext->KDFContext, zrtpChannelContext->KDFContextLength);
data/bzrtp-4.4.0/src/stateMachine.c:1940:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, s1, s1Length);
data/bzrtp-4.4.0/src/stateMachine.c:1949:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, s2, s2Length);
data/bzrtp-4.4.0/src/stateMachine.c:1958:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, s3, s3Length);
data/bzrtp-4.4.0/src/stateMachine.c:2024:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash, zrtpChannelContext->selfPackets[HELLO_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->selfPackets[HELLO_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/src/stateMachine.c:2026:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, zrtpChannelContext->peerPackets[COMMIT_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->peerPackets[COMMIT_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/src/stateMachine.c:2035:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash, zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/src/stateMachine.c:2037:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, zrtpChannelContext->selfPackets[COMMIT_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->selfPackets[COMMIT_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/src/stateMachine.c:2051:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpChannelContext->KDFContext, ZIDi, 12); /* ZIDi*/
data/bzrtp-4.4.0/src/stateMachine.c:2052:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpChannelContext->KDFContext+12, ZIDr, 12); /* ZIDr */
data/bzrtp-4.4.0/src/stateMachine.c:2053:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zrtpChannelContext->KDFContext+24, totalHash, zrtpChannelContext->hashLength); /* total Hash*/
data/bzrtp-4.4.0/src/zidCache.c:53:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*selfZID, argv[0], 12);
data/bzrtp-4.4.0/src/zidCache.c:63:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*userVersion = atoi(argv[0]);
data/bzrtp-4.4.0/src/zidCache.c:260:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int bzrtp_getSelfZID_impl(void *dbPointer, const char *selfURI, uint8_t selfZID[12], bctbx_rng_context_t *RNGContext) {
data/bzrtp-4.4.0/src/zidCache.c:313:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(selfZID, generatedZID,12);
data/bzrtp-4.4.0/src/zidCache.c:315:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(selfZID, localZID, 12);
data/bzrtp-4.4.0/src/zidCache.c:322:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bzrtp_getSelfZID(void *dbPointer, const char *selfURI, uint8_t selfZID[12], bctbx_rng_context_t *RNGContext) {
data/bzrtp-4.4.0/src/zidCache.c:326:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bzrtp_getSelfZID_lock(void *dbPointer, const char *selfURI, uint8_t selfZID[12], bctbx_rng_context_t *RNGContext, bctbx_mutex_t *zidCacheMutex) {
data/bzrtp-4.4.0/src/zidCache.c:427:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->cachedSecret.rs1, sqlite3_column_blob(sqlStmt, 1), length);
data/bzrtp-4.4.0/src/zidCache.c:434:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->cachedSecret.rs2, sqlite3_column_blob(sqlStmt, 2), length);
data/bzrtp-4.4.0/src/zidCache.c:441:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->cachedSecret.auxsecret, sqlite3_column_blob(sqlStmt, 3), length);
data/bzrtp-4.4.0/src/zidCache.c:448:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->cachedSecret.pbxsecret, sqlite3_column_blob(sqlStmt, 4), length);
data/bzrtp-4.4.0/src/zidCache.c:491:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bzrtp_cache_getZuid(void *dbPointer, const char *selfURI, const char *peerURI, const uint8_t peerZID[12], const uint8_t insertFlag, int *zuid, bctbx_mutex_t *zidCacheMutex) {
data/bzrtp-4.4.0/src/zidCache.c:491:69: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bzrtp_cache_getZuid(void *dbPointer, const char *selfURI, const char *peerURI, const uint8_t peerZID[12], const uint8_t insertFlag, int *zuid, bctbx_mutex_t *zidCacheMutex) {
data/bzrtp-4.4.0/src/zidCache.c:684:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valuesBindingString+2*i+1,",?"); /*2 char (,?) for each column plus the initial ? for the zuid column */
data/bzrtp-4.4.0/src/zidCache.c:931:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(values[i], sqlite3_column_blob(sqlStmt, i), length);
data/bzrtp-4.4.0/src/zidCache.c:1106:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sqlite3_bind_text(sqlStmt, 3, (const char *)(peerUri[i]), -1, SQLITE_TRANSIENT);
data/bzrtp-4.4.0/src/zidCache.c:1240:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int bzrtp_getSelfZID_impl(void *dbPointer, const char *selfURI, uint8_t selfZID[12], bctbx_rng_context_t *RNGContext) {
data/bzrtp-4.4.0/src/zidCache.c:1249:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bzrtp_getSelfZID(void *dbPointer, const char *selfURI, uint8_t selfZID[12], bctbx_rng_context_t *RNGContext) {
data/bzrtp-4.4.0/src/zidCache.c:1252:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bzrtp_getSelfZID_lock(void *dbPointer, const char *selfURI, uint8_t selfZID[12], bctbx_rng_context_t *RNGContext, bctbx_mutex_t *zidCacheMutex) {
data/bzrtp-4.4.0/src/zidCache.c:1307:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bzrtp_cache_getZuid(void *dbPointer, const char *selfURI, const char *peerURI, const uint8_t peerZID[12], const uint8_t insertFlag, int *zuid, bctbx_mutex_t *zidCacheMutex) {
data/bzrtp-4.4.0/src/zidCache.c:1307:69: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bzrtp_cache_getZuid(void *dbPointer, const char *selfURI, const char *peerURI, const uint8_t peerZID[12], const uint8_t insertFlag, int *zuid, bctbx_mutex_t *zidCacheMutex) {
data/bzrtp-4.4.0/test/bzrtpConfigsTest.c:157:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bobQueue[bobQueueIndex].packetString, packetString, packetLength);
data/bzrtp-4.4.0/test/bzrtpConfigsTest.c:161:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bobQueue[bobQueueIndex].packetString, packetString, packetLength);
data/bzrtp-4.4.0/test/bzrtpConfigsTest.c:162:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aliceQueue[aliceQueueIndex].packetString, packetString, packetLength);
data/bzrtp-4.4.0/test/bzrtpCryptoTest.c:72:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
patternKDFLabel[i], strlen((char *)patternKDFLabel[i]),
data/bzrtp-4.4.0/test/bzrtpCryptoTest.c:116:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(helloMessage->supportedHash, types, typesCount);
data/bzrtp-4.4.0/test/bzrtpCryptoTest.c:120:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(helloMessage->supportedCipher, types, typesCount);
data/bzrtp-4.4.0/test/bzrtpCryptoTest.c:124:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(helloMessage->supportedAuthTag, types, typesCount);
data/bzrtp-4.4.0/test/bzrtpCryptoTest.c:128:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(helloMessage->supportedKeyAgreement, types, typesCount);
data/bzrtp-4.4.0/test/bzrtpCryptoTest.c:132:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(helloMessage->supportedSas, types, typesCount);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:124:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (context12345678->channelContext[0]->selfH[0], H12345678[0], 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:125:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (context12345678->channelContext[0]->selfH[1], H12345678[1], 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:126:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (context12345678->channelContext[0]->selfH[2], H12345678[2], 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:127:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (context12345678->channelContext[0]->selfH[3], H12345678[3], 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:128:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (context87654321->channelContext[0]->selfH[0], H87654321[0], 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:129:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (context87654321->channelContext[0]->selfH[1], H87654321[1], 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:130:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (context87654321->channelContext[0]->selfH[2], H87654321[2], 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:131:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (context87654321->channelContext[0]->selfH[3], H87654321[3], 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:155:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context12345678->channelContext[0]->mackeyi, mackeyi, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:156:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context12345678->channelContext[0]->mackeyr, mackeyr, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:157:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context12345678->channelContext[0]->zrtpkeyi, zrtpkeyi, 16);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:158:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context12345678->channelContext[0]->zrtpkeyr, zrtpkeyr, 16);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:159:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context87654321->channelContext[0]->mackeyi, mackeyi, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:160:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context87654321->channelContext[0]->mackeyr, mackeyr, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:161:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context87654321->channelContext[0]->zrtpkeyi, zrtpkeyi, 16);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:162:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context87654321->channelContext[0]->zrtpkeyr, zrtpkeyr, 16);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:281:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nom[30]; /* nom du contexte */
data/bzrtp-4.4.0/test/bzrtpParserTest.c:326:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sas[32];
data/bzrtp-4.4.0/test/bzrtpParserTest.c:374:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextAlice->peerZID, alice_HelloFromBob_message->ZID, 12);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:401:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextBob->peerZID, bob_HelloFromAlice_message->ZID, 12);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:414:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextAlice->channelContext[0]->peerH[3], alice_HelloFromBob_message->H3, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:416:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextBob->channelContext[0]->peerH[3], bob_HelloFromAlice_message->H3, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:610:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextBob->channelContext[0]->peerH[2], bob_CommitFromAlice_message->H2, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:639:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpBuffer, contextBob->channelContext[0]->initiatorAuxsecretID, 8);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:640:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextBob->channelContext[0]->initiatorAuxsecretID, contextBob->channelContext[0]->responderAuxsecretID, 8);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:641:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextBob->channelContext[0]->responderAuxsecretID, tmpBuffer, 8);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:646:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bob_DHPart1->rs1ID, contextBob->responderCachedSecretHash.rs1ID, 8);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:647:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bob_DHPart1->rs2ID, contextBob->responderCachedSecretHash.rs2ID, 8);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:648:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bob_DHPart1->auxsecretID, contextBob->channelContext[0]->responderAuxsecretID, 8);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:649:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bob_DHPart1->pbxsecretID, contextBob->responderCachedSecretHash.pbxsecretID, 8);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:667:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextAlice->channelContext[0]->peerH[1], alice_DHPart1FromBob_message->H1, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:707:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (DHMContext->peer, alice_DHPart1FromBob_message->pv, contextAlice->channelContext[0]->keyAgreementLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:713:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ECDHContext->peerPublic, alice_DHPart1FromBob_message->pv, contextAlice->channelContext[0]->keyAgreementLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:731:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextBob->channelContext[0]->peerH[1], bob_DHPart2FromAlice_message->H1, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:771:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (DHMContext->peer, bob_DHPart2FromAlice_message->pv, contextBob->channelContext[0]->keyAgreementLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:777:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ECDHContext->peerPublic, bob_DHPart2FromAlice_message->pv, contextBob->channelContext[0]->keyAgreementLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:814:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash, contextAlice->channelContext[0]->peerPackets[HELLO_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, contextAlice->channelContext[0]->peerPackets[HELLO_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:816:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, contextAlice->channelContext[0]->selfPackets[COMMIT_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, contextAlice->channelContext[0]->selfPackets[COMMIT_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:818:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, contextAlice->channelContext[0]->peerPackets[DHPART_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, contextAlice->channelContext[0]->peerPackets[DHPART_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:820:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, contextAlice->channelContext[0]->selfPackets[DHPART_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, contextAlice->channelContext[0]->selfPackets[DHPART_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:826:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash, contextBob->channelContext[0]->selfPackets[HELLO_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, contextBob->channelContext[0]->selfPackets[HELLO_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:828:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, contextBob->channelContext[0]->peerPackets[COMMIT_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, contextBob->channelContext[0]->peerPackets[COMMIT_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:830:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, contextBob->channelContext[0]->selfPackets[DHPART_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, contextBob->channelContext[0]->selfPackets[DHPART_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:832:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, contextBob->channelContext[0]->peerPackets[DHPART_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, contextBob->channelContext[0]->peerPackets[DHPART_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:850:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextAlice->channelContext[0]->KDFContext, contextAlice->selfZID, 12); /* ZIDi*/
data/bzrtp-4.4.0/test/bzrtpParserTest.c:851:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextAlice->channelContext[0]->KDFContext+12, contextAlice->peerZID, 12); /* ZIDr */
data/bzrtp-4.4.0/test/bzrtpParserTest.c:852:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextAlice->channelContext[0]->KDFContext+24, alice_totalHash, 32); /* total Hash*/
data/bzrtp-4.4.0/test/bzrtpParserTest.c:882:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, DHMContext->key, secretLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:886:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, ECDHContext->sharedSecret, secretLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:889:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, "ZRTP-HMAC-KDF", 13);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:891:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, contextAlice->channelContext[0]->KDFContext, contextAlice->channelContext[0]->KDFContextLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:899:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, s1, s1Length);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:908:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, s2, s2Length);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:917:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, s3, s3Length);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:953:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextBob->channelContext[0]->KDFContext, contextBob->peerZID, 12); /* ZIDi*/
data/bzrtp-4.4.0/test/bzrtpParserTest.c:954:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextBob->channelContext[0]->KDFContext+12, contextBob->selfZID, 12); /* ZIDr */
data/bzrtp-4.4.0/test/bzrtpParserTest.c:955:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextBob->channelContext[0]->KDFContext+24, bob_totalHash, 32); /* total Hash*/
data/bzrtp-4.4.0/test/bzrtpParserTest.c:983:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, DHMContext->key, secretLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:987:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, ECDHContext->sharedSecret, secretLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:991:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, "ZRTP-HMAC-KDF", 13);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:993:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, contextBob->channelContext[0]->KDFContext, contextBob->channelContext[0]->KDFContextLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1001:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, s1, s1Length);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1010:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, s2, s2Length);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1019:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, s3, s3Length);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1173:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextAlice->channelContext[0]->peerH[0], alice_Confirm1FromBob_message->H0, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1197:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextBob->channelContext[0]->peerH[0], bob_Confirm2FromAlice_message->H0, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1335:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextAlice->channelContext[1]->peerH[3], alice_HelloFromBob_message->H3, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1337:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextBob->channelContext[1]->peerH[3], bob_HelloFromAlice_message->H3, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1363:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextAlice->channelContext[1]->peerH[2], alice_CommitFromBob_message->H2, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1377:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash, contextAlice->channelContext[1]->selfPackets[HELLO_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, contextAlice->channelContext[1]->selfPackets[HELLO_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1379:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, contextAlice->channelContext[1]->peerPackets[COMMIT_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, contextAlice->channelContext[1]->peerPackets[COMMIT_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1384:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash, contextBob->channelContext[1]->peerPackets[HELLO_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, contextBob->channelContext[1]->peerPackets[HELLO_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1386:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataToHash+hashDataIndex, contextBob->channelContext[1]->selfPackets[COMMIT_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, contextBob->channelContext[1]->selfPackets[COMMIT_MESSAGE_STORE_ID]->messageLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1403:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextAlice->channelContext[1]->KDFContext, contextAlice->peerZID, 12);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1404:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextAlice->channelContext[1]->KDFContext+12, contextAlice->selfZID, 12);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1405:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextAlice->channelContext[1]->KDFContext+24, alice_totalHash, contextAlice->channelContext[1]->hashLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1409:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextBob->channelContext[1]->KDFContext, contextBob->selfZID, 12);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1410:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextBob->channelContext[1]->KDFContext+12, contextBob->peerZID, 12);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1411:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextBob->channelContext[1]->KDFContext+24, bob_totalHash, contextBob->channelContext[1]->hashLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1494:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextBob->channelContext[1]->peerH[0], bob_Confirm1FromAlice_message->H0, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1515:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contextAlice->channelContext[1]->peerH[0], alice_Confirm2FromBob_message->H0, 32);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1600:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bobQueue[bobQueueIndex].packetString, packetString, packetLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1604:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aliceQueue[aliceQueueIndex].packetString, packetString, packetLength);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1655:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aliceClientData.nom, "Alice", 6);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1656:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bobClientData.nom, "Bob", 4);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1746:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pingPacketString+16, "Ping ",8);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1749:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pingPacketString+24, "1.10", 4);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1752:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pingPacketString+28, contextBob->selfZID, 8);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1777:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aliceSecondChannelClientData.nom, "Alice", 6);
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1778:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bobSecondChannelClientData.nom, "Bob", 4);
data/bzrtp-4.4.0/test/bzrtpTest.c:111:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[200];
data/bzrtp-4.4.0/test/bzrtpZidCacheTest.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patternFilename[1024];
data/bzrtp-4.4.0/test/bzrtpZidCacheTest.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patternFilename[1024];
data/bzrtp-4.4.0/src/bzrtp.c:939:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (outputLength < strlen(ZRTP_VERSION)+1+64+1) {
data/bzrtp-4.4.0/src/bzrtp.c:951:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output[strlen(ZRTP_VERSION)]=' ';
data/bzrtp-4.4.0/src/bzrtp.c:954:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bzrtp_int8ToStr(output+strlen(ZRTP_VERSION)+1, helloHash, 32);
data/bzrtp-4.4.0/src/bzrtp.c:957:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output[strlen(ZRTP_VERSION)+1+64]='\0';
data/bzrtp-4.4.0/src/packetParser.c:1139:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)zrtpHelloMessage->clientIdentifier, ZRTP_CLIENT_IDENTIFIER, 16);
data/bzrtp-4.4.0/src/zidCache.c:642:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
insertColumnsStringLength += strlen(columns[i])+5; /* +5 for =?, */
data/bzrtp-4.4.0/src/zidCache.c:646:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j=strlen(insertColumnsString);
data/bzrtp-4.4.0/src/zidCache.c:649:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j=strlen(insertColumnsString);
data/bzrtp-4.4.0/src/zidCache.c:678:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(valuesBindingString,"?");
data/bzrtp-4.4.0/src/zidCache.c:680:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j=strlen(insertColumnsString);
data/bzrtp-4.4.0/src/zidCache.c:683:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j=strlen(insertColumnsString);
data/bzrtp-4.4.0/src/zidCache.c:898:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
readColumnsStringLength += strlen(columns[i])+5; /* +2 for ', '*/
data/bzrtp-4.4.0/src/zidCache.c:902:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j=strlen(readColumnsString);
data/bzrtp-4.4.0/src/zidCache.c:905:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j=strlen(readColumnsString);
data/bzrtp-4.4.0/test/bzrtpCryptoTest.c:72:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
patternKDFLabel[i], strlen((char *)patternKDFLabel[i]),
data/bzrtp-4.4.0/test/bzrtpParserTest.c:168:95: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bzrtp_setPeerHelloHash(context12345678, 0x12345678, (uint8_t *)patternZRTPHelloHash87654321, strlen((const char *)patternZRTPHelloHash87654321));
data/bzrtp-4.4.0/test/bzrtpParserTest.c:206:107: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = bzrtp_setPeerHelloHash(context87654321, 0x87654321, (uint8_t *)patternZRTPHelloHash12345678, strlen((const char *)patternZRTPHelloHash12345678));
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1862:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = bzrtp_setPeerHelloHash(context12345678, 0x12345678, (uint8_t *)ZRTPHASHPATTERN, strlen((const char *)ZRTPHASHPATTERN));
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1866:97: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = bzrtp_setPeerHelloHash(context12345678, 0x12345678, (uint8_t *)ZRTPHASHPATTERN_WRONG, strlen((const char *)ZRTPHASHPATTERN));
data/bzrtp-4.4.0/test/bzrtpParserTest.c:1877:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = bzrtp_setPeerHelloHash(context12345678, 0x12345678, (uint8_t *)ZRTPHASHPATTERN, strlen((const char *)ZRTPHASHPATTERN));
ANALYSIS SUMMARY:
Hits = 302
Lines analyzed = 14862 in approximately 0.66 seconds (22383 lines/second)
Physical Source Lines of Code (SLOC) = 9509
Hits@level = [0] 50 [1] 20 [2] 273 [3] 1 [4] 8 [5] 0
Hits@level+ = [0+] 352 [1+] 302 [2+] 282 [3+] 9 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 37.0176 [1+] 31.7594 [2+] 29.6561 [3+] 0.946472 [4+] 0.841308 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.