Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dq-20181021/crypto-tests/crypto_auth_siphash24test.c
Examining data/dq-20181021/crypto-tests/crypto_box_curve25519xsalsa20poly1305test.c
Examining data/dq-20181021/crypto-tests/crypto_core_hsalsa20test.c
Examining data/dq-20181021/crypto-tests/crypto_onetimeauth_poly1305test.c
Examining data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c
Examining data/dq-20181021/crypto-tests/crypto_secretbox_xsalsa20poly1305test.c
Examining data/dq-20181021/crypto-tests/crypto_stream_salsa20test.c
Examining data/dq-20181021/crypto-tests/crypto_stream_xsalsa20test.c
Examining data/dq-20181021/crypto-tests/crypto_verify_16test.c
Examining data/dq-20181021/crypto-tests/crypto_verify_32test.c
Examining data/dq-20181021/crypto-tests/crypto_verify_8test.c
Examining data/dq-20181021/crypto-tests/misc.h
Examining data/dq-20181021/crypto-tests/randombytestest.c
Examining data/dq-20181021/crypto/cleanup.c
Examining data/dq-20181021/crypto/cleanup.h
Examining data/dq-20181021/crypto/crypto_auth_siphash24.c
Examining data/dq-20181021/crypto/crypto_auth_siphash24.h
Examining data/dq-20181021/crypto/crypto_box_curve25519xsalsa20poly1305.c
Examining data/dq-20181021/crypto/crypto_box_curve25519xsalsa20poly1305.h
Examining data/dq-20181021/crypto/crypto_core_hsalsa20.c
Examining data/dq-20181021/crypto/crypto_core_hsalsa20.h
Examining data/dq-20181021/crypto/crypto_onetimeauth_poly1305.c
Examining data/dq-20181021/crypto/crypto_onetimeauth_poly1305.h
Examining data/dq-20181021/crypto/crypto_scalarmult_curve25519.c
Examining data/dq-20181021/crypto/crypto_scalarmult_curve25519.h
Examining data/dq-20181021/crypto/crypto_secretbox_xsalsa20poly1305.c
Examining data/dq-20181021/crypto/crypto_secretbox_xsalsa20poly1305.h
Examining data/dq-20181021/crypto/crypto_stream_salsa20.c
Examining data/dq-20181021/crypto/crypto_stream_salsa20.h
Examining data/dq-20181021/crypto/crypto_stream_xsalsa20.c
Examining data/dq-20181021/crypto/crypto_stream_xsalsa20.h
Examining data/dq-20181021/crypto/crypto_verify_16.c
Examining data/dq-20181021/crypto/crypto_verify_16.h
Examining data/dq-20181021/crypto/crypto_verify_32.c
Examining data/dq-20181021/crypto/crypto_verify_32.h
Examining data/dq-20181021/crypto/crypto_verify_8.c
Examining data/dq-20181021/crypto/crypto_verify_8.h
Examining data/dq-20181021/crypto/randombytes.c
Examining data/dq-20181021/crypto/randombytes.h
Examining data/dq-20181021/crypto/salsa.c
Examining data/dq-20181021/crypto/salsa.h
Examining data/dq-20181021/crypto/siphash.c
Examining data/dq-20181021/crypto/siphash.h
Examining data/dq-20181021/crypto/uint32_pack.c
Examining data/dq-20181021/crypto/uint32_pack.h
Examining data/dq-20181021/crypto/uint32_pack_big.c
Examining data/dq-20181021/crypto/uint32_pack_big.h
Examining data/dq-20181021/crypto/uint32_unpack.c
Examining data/dq-20181021/crypto/uint32_unpack.h
Examining data/dq-20181021/crypto/uint32_unpack_big.c
Examining data/dq-20181021/crypto/uint32_unpack_big.h
Examining data/dq-20181021/crypto/uint64_pack.c
Examining data/dq-20181021/crypto/uint64_pack.h
Examining data/dq-20181021/crypto/uint64_unpack.c
Examining data/dq-20181021/crypto/uint64_unpack.h
Examining data/dq-20181021/crypto/verify.c
Examining data/dq-20181021/crypto/verify.h
Examining data/dq-20181021/dq/alloc.c
Examining data/dq-20181021/dq/alloc.h
Examining data/dq-20181021/dq/base32decode.c
Examining data/dq-20181021/dq/base32decode.h
Examining data/dq-20181021/dq/blocking.c
Examining data/dq-20181021/dq/blocking.h
Examining data/dq-20181021/dq/buffer.c
Examining data/dq-20181021/dq/buffer.h
Examining data/dq-20181021/dq/buffer_2.c
Examining data/dq-20181021/dq/buffer_put.c
Examining data/dq-20181021/dq/buffer_write.c
Examining data/dq-20181021/dq/byte.c
Examining data/dq-20181021/dq/byte.h
Examining data/dq-20181021/dq/cache.c
Examining data/dq-20181021/dq/cache.h
Examining data/dq-20181021/dq/case.c
Examining data/dq-20181021/dq/case.h
Examining data/dq-20181021/dq/die.c
Examining data/dq-20181021/dq/die.h
Examining data/dq-20181021/dq/dns.h
Examining data/dq-20181021/dq/dns_base32.c
Examining data/dq-20181021/dq/dns_data.c
Examining data/dq-20181021/dq/dns_domain.c
Examining data/dq-20181021/dq/dns_dtda.c
Examining data/dq-20181021/dq/dns_ip.c
Examining data/dq-20181021/dq/dns_ipq.c
Examining data/dq-20181021/dq/dns_iptoname.c
Examining data/dq-20181021/dq/dns_keys.c
Examining data/dq-20181021/dq/dns_nonce.c
Examining data/dq-20181021/dq/dns_packet.c
Examining data/dq-20181021/dq/dns_rcip.c
Examining data/dq-20181021/dq/dns_rcrw.c
Examining data/dq-20181021/dq/dns_resolve.c
Examining data/dq-20181021/dq/dns_sortip.c
Examining data/dq-20181021/dq/dns_transmit.c
Examining data/dq-20181021/dq/dns_verbosity.c
Examining data/dq-20181021/dq/dq.c
Examining data/dq-20181021/dq/dqcache-makekey.c
Examining data/dq-20181021/dq/dqcache-start.c
Examining data/dq-20181021/dq/dqcache.c
Examining data/dq-20181021/dq/droproot.c
Examining data/dq-20181021/dq/droproot.h
Examining data/dq-20181021/dq/e.c
Examining data/dq-20181021/dq/e.h
Examining data/dq-20181021/dq/env.c
Examining data/dq-20181021/dq/env.h
Examining data/dq-20181021/dq/hexdecode.c
Examining data/dq-20181021/dq/hexdecode.h
Examining data/dq-20181021/dq/hexparse.c
Examining data/dq-20181021/dq/hexparse.h
Examining data/dq-20181021/dq/iptostr.c
Examining data/dq-20181021/dq/iptostr.h
Examining data/dq-20181021/dq/keyparse.c
Examining data/dq-20181021/dq/keyparse.h
Examining data/dq-20181021/dq/log.c
Examining data/dq-20181021/dq/log.h
Examining data/dq-20181021/dq/milliseconds.c
Examining data/dq-20181021/dq/milliseconds.h
Examining data/dq-20181021/dq/nanoseconds.c
Examining data/dq-20181021/dq/nanoseconds.h
Examining data/dq-20181021/dq/numtostr.c
Examining data/dq-20181021/dq/numtostr.h
Examining data/dq-20181021/dq/okclient.c
Examining data/dq-20181021/dq/okclient.h
Examining data/dq-20181021/dq/open.h
Examining data/dq-20181021/dq/open_read.c
Examining data/dq-20181021/dq/open_trunc.c
Examining data/dq-20181021/dq/openreadclose.c
Examining data/dq-20181021/dq/openreadclose.h
Examining data/dq-20181021/dq/portparse.c
Examining data/dq-20181021/dq/portparse.h
Examining data/dq-20181021/dq/porttostr.c
Examining data/dq-20181021/dq/porttostr.h
Examining data/dq-20181021/dq/printpacket.c
Examining data/dq-20181021/dq/printpacket.h
Examining data/dq-20181021/dq/printrecord.c
Examining data/dq-20181021/dq/printrecord.h
Examining data/dq-20181021/dq/purge.h
Examining data/dq-20181021/dq/query.c
Examining data/dq-20181021/dq/query.h
Examining data/dq-20181021/dq/randommod.c
Examining data/dq-20181021/dq/randommod.h
Examining data/dq-20181021/dq/response.c
Examining data/dq-20181021/dq/response.h
Examining data/dq-20181021/dq/roots.c
Examining data/dq-20181021/dq/roots.h
Examining data/dq-20181021/dq/seconds.c
Examining data/dq-20181021/dq/seconds.h
Examining data/dq-20181021/dq/str.c
Examining data/dq-20181021/dq/str.h
Examining data/dq-20181021/dq/stralloc.c
Examining data/dq-20181021/dq/stralloc.h
Examining data/dq-20181021/dq/strtoip.c
Examining data/dq-20181021/dq/strtoip.h
Examining data/dq-20181021/dq/strtomultiip.c
Examining data/dq-20181021/dq/strtomultiip.h
Examining data/dq-20181021/dq/strtonum.c
Examining data/dq-20181021/dq/strtonum.h
Examining data/dq-20181021/dq/typeparse.c
Examining data/dq-20181021/dq/typeparse.h
Examining data/dq-20181021/dq/uint16_pack_big.c
Examining data/dq-20181021/dq/uint16_pack_big.h
Examining data/dq-20181021/dq/uint16_unpack_big.c
Examining data/dq-20181021/dq/uint16_unpack_big.h
Examining data/dq-20181021/dq/warn.c
Examining data/dq-20181021/dq/warn.h
Examining data/dq-20181021/dq/writeall.c
Examining data/dq-20181021/dq/writeall.h
Examining data/dq-20181021/dq/xsocket.h
Examining data/dq-20181021/dq/xsocket_accept.c
Examining data/dq-20181021/dq/xsocket_bind.c
Examining data/dq-20181021/dq/xsocket_conn.c
Examining data/dq-20181021/dq/xsocket_listen.c
Examining data/dq-20181021/dq/xsocket_recv.c
Examining data/dq-20181021/dq/xsocket_send.c
Examining data/dq-20181021/dq/xsocket_tcp.c
Examining data/dq-20181021/dq/xsocket_type.c
Examining data/dq-20181021/dq/xsocket_udp.c
Examining data/dq-20181021/sysdep/crypto_int16.h-short.c
Examining data/dq-20181021/sysdep/crypto_int32.h-int.c
Examining data/dq-20181021/sysdep/crypto_int32.h-long.c
Examining data/dq-20181021/sysdep/crypto_int64.h-attr.c
Examining data/dq-20181021/sysdep/crypto_int64.h-long.c
Examining data/dq-20181021/sysdep/crypto_int64.h-longlong.c
Examining data/dq-20181021/sysdep/crypto_int8.h-char.c
Examining data/dq-20181021/sysdep/crypto_uint16.h-short.c
Examining data/dq-20181021/sysdep/crypto_uint32.h-int.c
Examining data/dq-20181021/sysdep/crypto_uint32.h-long.c
Examining data/dq-20181021/sysdep/crypto_uint64.h-attr.c
Examining data/dq-20181021/sysdep/crypto_uint64.h-long.c
Examining data/dq-20181021/sysdep/crypto_uint64.h-longlong.c
Examining data/dq-20181021/sysdep/crypto_uint8.h-char.c
Examining data/dq-20181021/sysdep/default.h-no.c
Examining data/dq-20181021/sysdep/direntry.h-direct.c
Examining data/dq-20181021/sysdep/direntry.h-dirent.c
Examining data/dq-20181021/sysdep/hasasmvolatilememory.h-yes.c
Examining data/dq-20181021/sysdep/hasipv6.h-yes.c
Examining data/dq-20181021/sysdep/trynum.h
FINAL RESULTS:
data/dq-20181021/dq/cache.c:285:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(fntmp, 0600) == -1) return -1;
data/dq-20181021/dq/dqcache-start.c:42:9: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown("dump", uid, gid) == -1) die_6(111, FATAL, "unable to change owner on ", root, "/dump: ", e_str(errno), "\n");
data/dq-20181021/dq/dqcache-start.c:51:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(*argv, argv);
data/dq-20181021/dq/droproot.c:32:9: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (chroot(".") == -1) die_fatal(fatal, "unable to chroot to", x);
data/dq-20181021/crypto-tests/crypto_auth_siphash24test.c:13:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char space[SPACESIZE + 16];
data/dq-20181021/crypto-tests/crypto_auth_siphash24test.c:14:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char key[crypto_auth_siphash24_KEYBYTES + 16];
data/dq-20181021/crypto-tests/crypto_auth_siphash24test.c:15:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buf[crypto_auth_siphash24_BYTES + 16];
data/dq-20181021/crypto-tests/crypto_auth_siphash24test.c:17:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char test_pseudorandom_checksum[32] = {
data/dq-20181021/crypto-tests/crypto_auth_siphash24test.c:52:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char vectors[64][8] = {
data/dq-20181021/crypto-tests/crypto_auth_siphash24test.c:123:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[MAXLEN], out[8], k[16];
data/dq-20181021/crypto-tests/crypto_box_curve25519xsalsa20poly1305test.c:12:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char m[SPACESIZE + 16];
data/dq-20181021/crypto-tests/crypto_box_curve25519xsalsa20poly1305test.c:13:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char n[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES + 16];
data/dq-20181021/crypto-tests/crypto_box_curve25519xsalsa20poly1305test.c:14:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[SPACESIZE + 16 + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES];
data/dq-20181021/crypto-tests/crypto_box_curve25519xsalsa20poly1305test.c:15:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pk[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES + 16];
data/dq-20181021/crypto-tests/crypto_box_curve25519xsalsa20poly1305test.c:16:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char sk[crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES + 16];
data/dq-20181021/crypto-tests/crypto_box_curve25519xsalsa20poly1305test.c:18:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char test_pseudorandom_checksum[32] = {
data/dq-20181021/crypto-tests/crypto_box_curve25519xsalsa20poly1305test.c:45:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char skdata[1080][32] = {
data/dq-20181021/crypto-tests/crypto_box_curve25519xsalsa20poly1305test.c:49:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pkdata[1080][32] = {
data/dq-20181021/crypto-tests/crypto_core_hsalsa20test.c:10:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char key[crypto_core_hsalsa20_KEYBYTES + 16];
data/dq-20181021/crypto-tests/crypto_core_hsalsa20test.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char out[crypto_core_hsalsa20_OUTPUTBYTES + 16];
data/dq-20181021/crypto-tests/crypto_core_hsalsa20test.c:12:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char in[crypto_core_hsalsa20_INPUTBYTES + 16];
data/dq-20181021/crypto-tests/crypto_core_hsalsa20test.c:13:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[crypto_core_hsalsa20_CONSTBYTES + 16];
data/dq-20181021/crypto-tests/crypto_core_hsalsa20test.c:15:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char o[32] = {
data/dq-20181021/crypto-tests/crypto_onetimeauth_poly1305test.c:12:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char space[SPACESIZE + 16];
data/dq-20181021/crypto-tests/crypto_onetimeauth_poly1305test.c:13:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char key[crypto_onetimeauth_poly1305_KEYBYTES + 16];
data/dq-20181021/crypto-tests/crypto_onetimeauth_poly1305test.c:14:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buf[crypto_onetimeauth_poly1305_BYTES + 16];
data/dq-20181021/crypto-tests/crypto_onetimeauth_poly1305test.c:16:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char test_pseudorandom_checksum[32] = {
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:13:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pk[BYTES];
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:14:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char sk1[SCALARBYTES + 16];
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:15:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pk1[BYTES + 16];
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:16:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char k1[BYTES + 16];
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:17:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char sk2[SCALARBYTES + 16];
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:18:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pk2[BYTES + 16];
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:19:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char k2[BYTES + 16];
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:22:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char S[BYTES] = { 9 };
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:24:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char R[BYTES] = {
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:31:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char d[SCALARBYTES] = {
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:41:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char r[BYTES];
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:47:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char skdata[1080][32] = {
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:51:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pkdata[1080][32] = {
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:74:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char basepoint[BYTES] = { 9 };
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:76:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char test_scalarmult_checksum[32] = {
data/dq-20181021/crypto-tests/crypto_scalarmult_curve25519test.c:86:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char outpk[BYTES];
data/dq-20181021/crypto-tests/crypto_secretbox_xsalsa20poly1305test.c:12:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char m[SPACESIZE + 16];
data/dq-20181021/crypto-tests/crypto_secretbox_xsalsa20poly1305test.c:13:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES + 16];
data/dq-20181021/crypto-tests/crypto_secretbox_xsalsa20poly1305test.c:14:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char n[crypto_secretbox_xsalsa20poly1305_NONCEBYTES + 16];
data/dq-20181021/crypto-tests/crypto_secretbox_xsalsa20poly1305test.c:15:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char c[SPACESIZE + 16 + crypto_secretbox_xsalsa20poly1305_ZEROBYTES];
data/dq-20181021/crypto-tests/crypto_secretbox_xsalsa20poly1305test.c:17:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char test_pseudorandom_checksum[32] = {
data/dq-20181021/crypto-tests/crypto_stream_salsa20test.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char space[5232];
data/dq-20181021/crypto-tests/crypto_stream_salsa20test.c:12:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char k[crypto_stream_salsa20_KEYBYTES + 16];
data/dq-20181021/crypto-tests/crypto_stream_salsa20test.c:13:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char n[crypto_stream_salsa20_NONCEBYTES + 16];
data/dq-20181021/crypto-tests/crypto_stream_salsa20test.c:15:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char o[32] = {
data/dq-20181021/crypto-tests/crypto_stream_xsalsa20test.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char space[5232];
data/dq-20181021/crypto-tests/crypto_stream_xsalsa20test.c:12:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char k[crypto_stream_xsalsa20_KEYBYTES + 16];
data/dq-20181021/crypto-tests/crypto_stream_xsalsa20test.c:13:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char n[crypto_stream_xsalsa20_NONCEBYTES + 16];
data/dq-20181021/crypto-tests/crypto_stream_xsalsa20test.c:15:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char o[32] = {
data/dq-20181021/crypto-tests/crypto_verify_16test.c:10:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char b1[crypto_verify_16_BYTES + 16];
data/dq-20181021/crypto-tests/crypto_verify_16test.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char b2[crypto_verify_16_BYTES + 16];
data/dq-20181021/crypto-tests/crypto_verify_32test.c:10:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char b1[crypto_verify_32_BYTES + 16];
data/dq-20181021/crypto-tests/crypto_verify_32test.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char b2[crypto_verify_32_BYTES + 16];
data/dq-20181021/crypto-tests/crypto_verify_8test.c:10:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char b1[crypto_verify_8_BYTES + 16];
data/dq-20181021/crypto-tests/crypto_verify_8test.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char b2[crypto_verify_8_BYTES + 16];
data/dq-20181021/crypto-tests/misc.h:66:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char checksum_state[64] = {0};
data/dq-20181021/crypto-tests/misc.h:135:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const static unsigned char randombytes_k[33] = "answer randombytes from crypto_*";
data/dq-20181021/crypto-tests/misc.h:136:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char randombytes_n[8];
data/dq-20181021/crypto-tests/misc.h:143:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char randombytes_k[32];
data/dq-20181021/crypto-tests/misc.h:144:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char randombytes_n[8];
data/dq-20181021/crypto-tests/randombytestest.c:52:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/dq-20181021/crypto-tests/randombytestest.c:74:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf1[16];
data/dq-20181021/crypto-tests/randombytestest.c:75:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf2[16];
data/dq-20181021/crypto/crypto_auth_siphash24.c:11:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x[8];
data/dq-20181021/crypto/crypto_box_curve25519xsalsa20poly1305.c:7:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char zero[16] = {0};
data/dq-20181021/crypto/crypto_box_curve25519xsalsa20poly1305.c:8:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char sigma[16] = "expand 32-byte k";
data/dq-20181021/crypto/crypto_box_curve25519xsalsa20poly1305.c:16:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[32];
data/dq-20181021/crypto/crypto_box_curve25519xsalsa20poly1305.c:49:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[32];
data/dq-20181021/crypto/crypto_box_curve25519xsalsa20poly1305.c:62:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[32];
data/dq-20181021/crypto/crypto_onetimeauth_poly1305.c:62:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mm[16];
data/dq-20181021/crypto/crypto_onetimeauth_poly1305.c:145:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char correct[16];
data/dq-20181021/crypto/crypto_scalarmult_curve25519.c:274:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e[32];
data/dq-20181021/crypto/crypto_scalarmult_curve25519.c:330:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char basepoint[32] = {9};
data/dq-20181021/crypto/crypto_secretbox_xsalsa20poly1305.c:19:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char subkey[32];
data/dq-20181021/crypto/crypto_stream_xsalsa20.c:12:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char sigma[16] = "expand 32-byte k";
data/dq-20181021/crypto/crypto_stream_xsalsa20.c:16:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char subkey[32];
data/dq-20181021/crypto/randombytes.c:19:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom",O_RDONLY | O_CLOEXEC);
data/dq-20181021/crypto/randombytes.c:21:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom",O_RDONLY);
data/dq-20181021/crypto/salsa.c:66:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x[64];
data/dq-20181021/crypto/siphash.c:26:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[8];
data/dq-20181021/dq/alloc.c:21:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char irrelevant[ALLOC_ALIGNMENT]; double d; } aligned;
data/dq-20181021/dq/base32decode.c:3:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char base32values[128] = {
data/dq-20181021/dq/buffer_2.c:3:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer_2_space[BUFFER_ERRSIZE];
data/dq-20181021/dq/cache.c:31:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char hashkey[crypto_auth_siphash24_KEYBYTES];
data/dq-20181021/dq/cache.c:98:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char a[crypto_auth_siphash24_BYTES];
data/dq-20181021/dq/cache.c:115:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char expirestr[8];
data/dq-20181021/dq/cache.c:240:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bspace[8096];
data/dq-20181021/dq/cache.c:303:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char expirestr[8];
data/dq-20181021/dq/die.c:18:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *s[9];
data/dq-20181021/dq/die.c:20:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/dq-20181021/dq/dns.h:38:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char localip[32];
data/dq-20181021/dq/dns.h:39:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char qtype[2];
data/dq-20181021/dq/dns.h:40:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char port[2];
data/dq-20181021/dq/dns.h:44:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char id[2];
data/dq-20181021/dq/dns.h:45:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[12];
data/dq-20181021/dq/dns.h:76:70: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int dns_transmit_start(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32]);
data/dq-20181021/dq/dns.h:76:123: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int dns_transmit_start(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32]);
data/dq-20181021/dq/dns.h:76:147: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int dns_transmit_start(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32]);
data/dq-20181021/dq/dns.h:76:177: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int dns_transmit_start(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32]);
data/dq-20181021/dq/dns.h:77:73: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int dns_transmit_startext(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, int flagtcp, int flagipv4only, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32], const unsigned char port[2], const unsigned char keys[528], const unsigned char pk[32], const unsigned char *suffix);
data/dq-20181021/dq/dns.h:77:157: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int dns_transmit_startext(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, int flagtcp, int flagipv4only, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32], const unsigned char port[2], const unsigned char keys[528], const unsigned char pk[32], const unsigned char *suffix);
data/dq-20181021/dq/dns.h:77:181: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int dns_transmit_startext(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, int flagtcp, int flagipv4only, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32], const unsigned char port[2], const unsigned char keys[528], const unsigned char pk[32], const unsigned char *suffix);
data/dq-20181021/dq/dns.h:77:211: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int dns_transmit_startext(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, int flagtcp, int flagipv4only, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32], const unsigned char port[2], const unsigned char keys[528], const unsigned char pk[32], const unsigned char *suffix);
data/dq-20181021/dq/dns.h:77:244: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int dns_transmit_startext(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, int flagtcp, int flagipv4only, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32], const unsigned char port[2], const unsigned char keys[528], const unsigned char pk[32], const unsigned char *suffix);
data/dq-20181021/dq/dns.h:77:273: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int dns_transmit_startext(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, int flagtcp, int flagipv4only, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32], const unsigned char port[2], const unsigned char keys[528], const unsigned char pk[32], const unsigned char *suffix);
data/dq-20181021/dq/dns.h:77:304: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int dns_transmit_startext(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, int flagtcp, int flagipv4only, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32], const unsigned char port[2], const unsigned char keys[528], const unsigned char pk[32], const unsigned char *suffix);
data/dq-20181021/dq/dns.h:111:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int dns_resolve(const unsigned char *q, const unsigned char qtype[2]);
data/dq-20181021/dq/dns.h:111:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int dns_resolve(const unsigned char *q, const unsigned char qtype[2]);
data/dq-20181021/dq/dns_base32.c:4:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char base32_digits[32] = "0123456789bcdfghjklmnpqrstuvwxyz";
data/dq-20181021/dq/dns_base32.c:58:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char val[128] = {
data/dq-20181021/dq/dns_domain.c:78:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char label[63];
data/dq-20181021/dq/dns_domain.c:80:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char name[255];
data/dq-20181021/dq/dns_domain.c:145:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char label[63];
data/dq-20181021/dq/dns_dtda.c:9:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/dq-20181021/dq/dns_ip.c:19:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[32];
data/dq-20181021/dq/dns_ip.c:20:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ext[16];
data/dq-20181021/dq/dns_ip.c:61:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[32];
data/dq-20181021/dq/dns_ip.c:86:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[16];
data/dq-20181021/dq/dns_ip.c:87:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char d[256];
data/dq-20181021/dq/dns_ip.c:155:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int resolve2(struct dns_data *d, const unsigned char *q, const unsigned char qtype0[2], const unsigned char qtype1[2]) {
data/dq-20181021/dq/dns_ip.c:155:80: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int resolve2(struct dns_data *d, const unsigned char *q, const unsigned char qtype0[2], const unsigned char qtype1[2]) {
data/dq-20181021/dq/dns_ip.c:155:111: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int resolve2(struct dns_data *d, const unsigned char *q, const unsigned char qtype0[2], const unsigned char qtype1[2]) {
data/dq-20181021/dq/dns_ip.c:158:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char servers[256];
data/dq-20181021/dq/dns_ip.c:218:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ip[16];
data/dq-20181021/dq/dns_ip.c:243:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ip[16];
data/dq-20181021/dq/dns_ip.c:269:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ip[16];
data/dq-20181021/dq/dns_iptoname.c:8:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strnum[NUMTOSTR_LEN], *x;
data/dq-20181021/dq/dns_iptoname.c:35:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char staticbuf[DNS_IPTONAME_LEN];
data/dq-20181021/dq/dns_keys.c:4:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char zero[8] = {0};
data/dq-20181021/dq/dns_nonce.c:18:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char noncekey[16] = {0};
data/dq-20181021/dq/dns_nonce.c:20:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char noncemask[NSS];
data/dq-20181021/dq/dns_nonce.c:21:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char noncedata[NSS];
data/dq-20181021/dq/dns_packet.c:39:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char name[255];
data/dq-20181021/dq/dns_rcip.c:14:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int init(unsigned char ip[256]) {
data/dq-20181021/dq/dns_rcip.c:71:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char ip[256]; /* defined if ok */
data/dq-20181021/dq/dns_rcrw.c:13:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[256];
data/dq-20181021/dq/dns_resolve.c:9:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int dns_resolve(const unsigned char *q, const unsigned char qtype[2]) {
data/dq-20181021/dq/dns_resolve.c:9:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int dns_resolve(const unsigned char *q, const unsigned char qtype[2]) {
data/dq-20181021/dq/dns_resolve.c:12:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char servers[256];
data/dq-20181021/dq/dns_sortip.c:7:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t[33];
data/dq-20181021/dq/dns_transmit.c:59:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[24];
data/dq-20181021/dq/dns_transmit.c:86:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[24];
data/dq-20181021/dq/dns_transmit.c:130:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[24];
data/dq-20181021/dq/dns_transmit.c:132:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[16];
data/dq-20181021/dq/dns_transmit.c:197:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[12];
data/dq-20181021/dq/dns_transmit.c:206:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[12];
data/dq-20181021/dq/dns_transmit.c:218:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[12];
data/dq-20181021/dq/dns_transmit.c:267:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char port[2];
data/dq-20181021/dq/dns_transmit.c:407:66: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int dns_transmit_startext(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, int flagtcp, int flagipv4only, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32], const unsigned char port[2], const unsigned char keys[512], const unsigned char pk[32], const unsigned char *suffix) {
data/dq-20181021/dq/dns_transmit.c:407:150: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int dns_transmit_startext(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, int flagtcp, int flagipv4only, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32], const unsigned char port[2], const unsigned char keys[512], const unsigned char pk[32], const unsigned char *suffix) {
data/dq-20181021/dq/dns_transmit.c:407:174: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int dns_transmit_startext(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, int flagtcp, int flagipv4only, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32], const unsigned char port[2], const unsigned char keys[512], const unsigned char pk[32], const unsigned char *suffix) {
data/dq-20181021/dq/dns_transmit.c:407:204: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int dns_transmit_startext(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, int flagtcp, int flagipv4only, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32], const unsigned char port[2], const unsigned char keys[512], const unsigned char pk[32], const unsigned char *suffix) {
data/dq-20181021/dq/dns_transmit.c:407:237: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int dns_transmit_startext(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, int flagtcp, int flagipv4only, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32], const unsigned char port[2], const unsigned char keys[512], const unsigned char pk[32], const unsigned char *suffix) {
data/dq-20181021/dq/dns_transmit.c:407:266: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int dns_transmit_startext(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, int flagtcp, int flagipv4only, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32], const unsigned char port[2], const unsigned char keys[512], const unsigned char pk[32], const unsigned char *suffix) {
data/dq-20181021/dq/dns_transmit.c:407:297: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int dns_transmit_startext(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, int flagtcp, int flagipv4only, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32], const unsigned char port[2], const unsigned char keys[512], const unsigned char pk[32], const unsigned char *suffix) {
data/dq-20181021/dq/dns_transmit.c:462:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int dns_transmit_start(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32]) {
data/dq-20181021/dq/dns_transmit.c:462:116: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int dns_transmit_start(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32]) {
data/dq-20181021/dq/dns_transmit.c:462:140: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int dns_transmit_start(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32]) {
data/dq-20181021/dq/dns_transmit.c:462:170: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int dns_transmit_start(struct dns_transmit *d, const unsigned char servers[256], int flagrecursive, const unsigned char *q, const unsigned char qtype[2], const unsigned char localip[32]) {
data/dq-20181021/dq/dns_transmit.c:485:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char udpbuf[4097];
data/dq-20181021/dq/dns_transmit.c:490:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ip[16];
data/dq-20181021/dq/dns_transmit.c:491:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char port[2];
data/dq-20181021/dq/dq.c:95:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char servers[16 * NUMIP];
data/dq-20181021/dq/dq.c:96:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keys[33 * NUMIP];
data/dq-20181021/dq/dq.c:98:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pk[32];
data/dq-20181021/dq/dq.c:99:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk[32];
data/dq-20181021/dq/dq.c:103:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char qtype[2];
data/dq-20181021/dq/dq.c:104:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char q[256];
data/dq-20181021/dq/dq.c:115:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char port[2];
data/dq-20181021/dq/dq.c:171:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ip[16];
data/dq-20181021/dq/dqcache-makekey.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char sk[32];
data/dq-20181021/dq/dqcache-makekey.c:12:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char out[65];
data/dq-20181021/dq/dqcache.c:33:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int packetquery(unsigned char *buf, long long len, unsigned char **q, unsigned char qtype[2], unsigned char qclass[2], unsigned char id[2]) {
data/dq-20181021/dq/dqcache.c:33:68: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int packetquery(unsigned char *buf, long long len, unsigned char **q, unsigned char qtype[2], unsigned char qclass[2], unsigned char id[2]) {
data/dq-20181021/dq/dqcache.c:33:87: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int packetquery(unsigned char *buf, long long len, unsigned char **q, unsigned char qtype[2], unsigned char qclass[2], unsigned char id[2]) {
data/dq-20181021/dq/dqcache.c:33:111: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int packetquery(unsigned char *buf, long long len, unsigned char **q, unsigned char qtype[2], unsigned char qclass[2], unsigned char id[2]) {
data/dq-20181021/dq/dqcache.c:33:136: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int packetquery(unsigned char *buf, long long len, unsigned char **q, unsigned char qtype[2], unsigned char qclass[2], unsigned char id[2]) {
data/dq-20181021/dq/dqcache.c:36:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[12];
data/dq-20181021/dq/dqcache.c:55:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char myport[2] = {0, 53};
data/dq-20181021/dq/dqcache.c:56:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char myipoutgoing[32];
data/dq-20181021/dq/dqcache.c:57:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char myipincoming[16];
data/dq-20181021/dq/dqcache.c:60:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buf[1024];
data/dq-20181021/dq/dqcache.c:73:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ip[16];
data/dq-20181021/dq/dqcache.c:74:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char port[2];
data/dq-20181021/dq/dqcache.c:76:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char id[2];
data/dq-20181021/dq/dqcache.c:119:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char qtype[2];
data/dq-20181021/dq/dqcache.c:120:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char qclass[2];
data/dq-20181021/dq/dqcache.c:171:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ip[16]; /* send response to this address */
data/dq-20181021/dq/dqcache.c:172:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char port[2]; /* send response to this port */
data/dq-20181021/dq/dqcache.c:175:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char id[2];
data/dq-20181021/dq/dqcache.c:237:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char qtype[2];
data/dq-20181021/dq/dqcache.c:238:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char qclass[2];
data/dq-20181021/dq/dqcache.c:419:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char skseed[32];
data/dq-20181021/dq/dqcache.c:420:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char sk[32 + 16];
data/dq-20181021/dq/dqcache.c:469:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char port[2];
data/dq-20181021/dq/iptostr.c:22:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char staticbuf[IPTOSTR_LEN];
data/dq-20181021/dq/iptostr.c:35:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char staticbuf[IPTOSTR_LEN];
data/dq-20181021/dq/log.c:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/dq-20181021/dq/log.c:45:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void ip(const unsigned char i[16]) {
data/dq-20181021/dq/log.c:65:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void logid(const unsigned char id[2]) {
data/dq-20181021/dq/log.c:74:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void logtype(const unsigned char type[2]) {
data/dq-20181021/dq/log.c:119:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_query(crypto_uint64 *qnum, const unsigned char client[16], unsigned char port[2], const unsigned char id[2], const unsigned char *q, const unsigned char qtype[2]) {
data/dq-20181021/dq/log.c:119:78: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_query(crypto_uint64 *qnum, const unsigned char client[16], unsigned char port[2], const unsigned char id[2], const unsigned char *q, const unsigned char qtype[2]) {
data/dq-20181021/dq/log.c:119:107: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_query(crypto_uint64 *qnum, const unsigned char client[16], unsigned char port[2], const unsigned char id[2], const unsigned char *q, const unsigned char qtype[2]) {
data/dq-20181021/dq/log.c:119:134: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_query(crypto_uint64 *qnum, const unsigned char client[16], unsigned char port[2], const unsigned char id[2], const unsigned char *q, const unsigned char qtype[2]) {
data/dq-20181021/dq/log.c:119:158: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_query(crypto_uint64 *qnum, const unsigned char client[16], unsigned char port[2], const unsigned char id[2], const unsigned char *q, const unsigned char qtype[2]) {
data/dq-20181021/dq/log.c:177:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_tcpopen(const unsigned char client[16], unsigned char port[2]) {
data/dq-20181021/dq/log.c:177:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_tcpopen(const unsigned char client[16], unsigned char port[2]) {
data/dq-20181021/dq/log.c:183:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_tcpclose(const unsigned char client[16],unsigned char port[2]) {
data/dq-20181021/dq/log.c:183:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_tcpclose(const unsigned char client[16],unsigned char port[2]) {
data/dq-20181021/dq/log.c:193:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_tx(const unsigned char *q, const unsigned char qtype[2], const unsigned char *control, const unsigned char servers[256], const unsigned char keys[528], int flaghavekeys, unsigned int gluelessness) {
data/dq-20181021/dq/log.c:193:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_tx(const unsigned char *q, const unsigned char qtype[2], const unsigned char *control, const unsigned char servers[256], const unsigned char keys[528], int flaghavekeys, unsigned int gluelessness) {
data/dq-20181021/dq/log.c:193:82: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_tx(const unsigned char *q, const unsigned char qtype[2], const unsigned char *control, const unsigned char servers[256], const unsigned char keys[528], int flaghavekeys, unsigned int gluelessness) {
data/dq-20181021/dq/log.c:193:112: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_tx(const unsigned char *q, const unsigned char qtype[2], const unsigned char *control, const unsigned char servers[256], const unsigned char keys[528], int flaghavekeys, unsigned int gluelessness) {
data/dq-20181021/dq/log.c:193:146: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_tx(const unsigned char *q, const unsigned char qtype[2], const unsigned char *control, const unsigned char servers[256], const unsigned char keys[528], int flaghavekeys, unsigned int gluelessness) {
data/dq-20181021/dq/log.c:214:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_cachedanswer(const unsigned char *q,const unsigned char type[2])
data/dq-20181021/dq/log.c:214:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_cachedanswer(const unsigned char *q,const unsigned char type[2])
data/dq-20181021/dq/log.c:246:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_nodata(const unsigned char *server,const unsigned char *q,const unsigned char qtype[2],unsigned int ttl)
data/dq-20181021/dq/log.c:246:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_nodata(const unsigned char *server,const unsigned char *q,const unsigned char qtype[2],unsigned int ttl)
data/dq-20181021/dq/log.c:246:83: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_nodata(const unsigned char *server,const unsigned char *q,const unsigned char qtype[2],unsigned int ttl)
data/dq-20181021/dq/log.c:283:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_rr(const unsigned char *server,const unsigned char *q,const unsigned char type[2],const unsigned char *buf,unsigned int len,unsigned int ttl, unsigned char flagkey)
data/dq-20181021/dq/log.c:283:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_rr(const unsigned char *server,const unsigned char *q,const unsigned char type[2],const unsigned char *buf,unsigned int len,unsigned int ttl, unsigned char flagkey)
data/dq-20181021/dq/log.c:283:79: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_rr(const unsigned char *server,const unsigned char *q,const unsigned char type[2],const unsigned char *buf,unsigned int len,unsigned int ttl, unsigned char flagkey)
data/dq-20181021/dq/log.c:302:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char i[16];
data/dq-20181021/dq/log.c:343:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_rrmx(const unsigned char *server,const unsigned char *q,const unsigned char *mx,const unsigned char pref[2],unsigned int ttl, unsigned char flagkey)
data/dq-20181021/dq/log.c:343:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_rrmx(const unsigned char *server,const unsigned char *q,const unsigned char *mx,const unsigned char pref[2],unsigned int ttl, unsigned char flagkey)
data/dq-20181021/dq/log.c:343:81: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_rrmx(const unsigned char *server,const unsigned char *q,const unsigned char *mx,const unsigned char pref[2],unsigned int ttl, unsigned char flagkey)
data/dq-20181021/dq/log.c:343:105: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_rrmx(const unsigned char *server,const unsigned char *q,const unsigned char *mx,const unsigned char pref[2],unsigned int ttl, unsigned char flagkey)
data/dq-20181021/dq/log.c:354:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_rrsoa(const unsigned char *server,const unsigned char *q,const unsigned char *n1,const unsigned char *n2,const unsigned char misc[20],unsigned int ttl,unsigned char flagkey)
data/dq-20181021/dq/log.c:354:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_rrsoa(const unsigned char *server,const unsigned char *q,const unsigned char *n1,const unsigned char *n2,const unsigned char misc[20],unsigned int ttl,unsigned char flagkey)
data/dq-20181021/dq/log.c:354:82: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_rrsoa(const unsigned char *server,const unsigned char *q,const unsigned char *n1,const unsigned char *n2,const unsigned char misc[20],unsigned int ttl,unsigned char flagkey)
data/dq-20181021/dq/log.c:354:106: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_rrsoa(const unsigned char *server,const unsigned char *q,const unsigned char *n1,const unsigned char *n2,const unsigned char misc[20],unsigned int ttl,unsigned char flagkey)
data/dq-20181021/dq/log.c:354:130: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void log_rrsoa(const unsigned char *server,const unsigned char *q,const unsigned char *n1,const unsigned char *n2,const unsigned char misc[20],unsigned int ttl,unsigned char flagkey)
data/dq-20181021/dq/numtostr.c:18:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char staticbuf[NUMTOSTR_LEN];
data/dq-20181021/dq/okclient.c:8:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fn[4 + IPTOSTR_LEN];
data/dq-20181021/dq/open_read.c:10:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(fn,O_RDONLY | O_NONBLOCK | O_CLOEXEC);
data/dq-20181021/dq/open_read.c:12:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fn,O_RDONLY | O_NONBLOCK);
data/dq-20181021/dq/open_trunc.c:10:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(fn,O_CREAT | O_WRONLY | O_NONBLOCK | O_TRUNC | O_CLOEXEC,0644);
data/dq-20181021/dq/open_trunc.c:12:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fn,O_CREAT | O_WRONLY | O_NONBLOCK | O_TRUNC,0644);
data/dq-20181021/dq/porttostr.c:19:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char staticbuf[PORTTOSTR_LEN];
data/dq-20181021/dq/printpacket.c:20:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[12];
data/dq-20181021/dq/printrecord.c:11:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
long long printrecord_cat(stralloc *out,const unsigned char *buf,long long len,long long pos,const unsigned char *q,const unsigned char qtype[2])
data/dq-20181021/dq/printrecord.c:11:110: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
long long printrecord_cat(stralloc *out,const unsigned char *buf,long long len,long long pos,const unsigned char *q,const unsigned char qtype[2])
data/dq-20181021/dq/printrecord.c:11:133: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
long long printrecord_cat(stralloc *out,const unsigned char *buf,long long len,long long pos,const unsigned char *q,const unsigned char qtype[2])
data/dq-20181021/dq/printrecord.c:14:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char misc[20];
data/dq-20181021/dq/printrecord.c:158:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
long long printrecord(stralloc *out,const unsigned char *buf,long long len,long long pos,const unsigned char *q,const unsigned char qtype[2])
data/dq-20181021/dq/printrecord.c:158:105: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
long long printrecord(stralloc *out,const unsigned char *buf,long long len,long long pos,const unsigned char *q,const unsigned char qtype[2])
data/dq-20181021/dq/printrecord.c:158:128: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
long long printrecord(stralloc *out,const unsigned char *buf,long long len,long long pos,const unsigned char *q,const unsigned char qtype[2])
data/dq-20181021/dq/printrecord.h:6:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern long long printrecord_cat(stralloc *out,const unsigned char *buf,long long len,long long pos,const unsigned char *q,const unsigned char qtype[2]);
data/dq-20181021/dq/printrecord.h:6:117: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern long long printrecord_cat(stralloc *out,const unsigned char *buf,long long len,long long pos,const unsigned char *q,const unsigned char qtype[2]);
data/dq-20181021/dq/printrecord.h:6:140: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern long long printrecord_cat(stralloc *out,const unsigned char *buf,long long len,long long pos,const unsigned char *q,const unsigned char qtype[2]);
data/dq-20181021/dq/printrecord.h:7:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern long long printrecord(stralloc *out,const unsigned char *buf,long long len,long long pos,const unsigned char *q,const unsigned char qtype[2]);
data/dq-20181021/dq/printrecord.h:7:112: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern long long printrecord(stralloc *out,const unsigned char *buf,long long len,long long pos,const unsigned char *q,const unsigned char qtype[2]);
data/dq-20181021/dq/printrecord.h:7:135: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern long long printrecord(stralloc *out,const unsigned char *buf,long long len,long long pos,const unsigned char *q,const unsigned char qtype[2]);
data/dq-20181021/dq/query.c:19:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char secretkey[32];
data/dq-20181021/dq/query.c:20:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char publickey[32];
data/dq-20181021/dq/query.c:62:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char remoteport[2] = { 0, 53 };
data/dq-20181021/dq/query.c:91:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void cachegeneric(const unsigned char type[2],const unsigned char *d,const unsigned char *data,long long datalen,crypto_uint32 ttl, unsigned char flagns)
data/dq-20181021/dq/query.c:94:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[257];
data/dq-20181021/dq/query.c:106:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void cachegeneric2(const unsigned char type[2],const unsigned char dtype[2], const unsigned char *d,const unsigned char *data,long long datalen,crypto_uint32 ttl, unsigned char flagns)
data/dq-20181021/dq/query.c:106:70: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void cachegeneric2(const unsigned char type[2],const unsigned char dtype[2], const unsigned char *d,const unsigned char *data,long long datalen,crypto_uint32 ttl, unsigned char flagns)
data/dq-20181021/dq/query.c:109:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[259];
data/dq-20181021/dq/query.c:123:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char save_buf[8192];
data/dq-20181021/dq/query.c:141:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void save_finish(const unsigned char type[2],const unsigned char *d,crypto_uint32 ttl,unsigned char flagns)
data/dq-20181021/dq/query.c:147:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int typematch(const unsigned char rtype[2],const unsigned char qtype[2])
data/dq-20181021/dq/query.c:147:66: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int typematch(const unsigned char rtype[2],const unsigned char qtype[2])
data/dq-20181021/dq/query.c:152:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static long long ttlget(unsigned char buf[4])
data/dq-20181021/dq/query.c:228:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int globalip(unsigned char *d,unsigned char ip[16])
data/dq-20181021/dq/query.c:228:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int globalip(unsigned char *d,unsigned char ip[16])
data/dq-20181021/dq/query.c:231:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xbuf[100];
data/dq-20181021/dq/query.c:240:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int globalip6(unsigned char *d,unsigned char ip[16]) {
data/dq-20181021/dq/query.c:240:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int globalip6(unsigned char *d,unsigned char ip[16]) {
data/dq-20181021/dq/query.c:241:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xbuf[100];
data/dq-20181021/dq/query.c:251:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int findkey(const unsigned char *dn,unsigned char key[32])
data/dq-20181021/dq/query.c:251:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int findkey(const unsigned char *dn,unsigned char key[32])
data/dq-20181021/dq/query.c:275:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header1[12];
data/dq-20181021/dq/query.c:276:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header2[12];
data/dq-20181021/dq/query.c:346:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[259];
data/dq-20181021/dq/query.c:353:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[16];
data/dq-20181021/dq/query.c:354:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char misc[20];
data/dq-20181021/dq/query.c:355:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pubkey[32];
data/dq-20181021/dq/query.c:910:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char type[2];
data/dq-20181021/dq/query.c:1244:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int query_start(struct query *z,unsigned char *dn,unsigned char type[2],unsigned char class[2],unsigned char localip[32])
data/dq-20181021/dq/query.c:1244:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int query_start(struct query *z,unsigned char *dn,unsigned char type[2],unsigned char class[2],unsigned char localip[32])
data/dq-20181021/dq/query.c:1244:82: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int query_start(struct query *z,unsigned char *dn,unsigned char type[2],unsigned char class[2],unsigned char localip[32])
data/dq-20181021/dq/query.c:1244:105: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int query_start(struct query *z,unsigned char *dn,unsigned char type[2],unsigned char class[2],unsigned char localip[32])
data/dq-20181021/dq/query.h:15:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *name[QUERY_MAXLEVEL];
data/dq-20181021/dq/query.h:16:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *control[QUERY_MAXLEVEL]; /* pointing inside name */
data/dq-20181021/dq/query.h:17:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *ns[QUERY_MAXLEVEL][QUERY_MAXNS];
data/dq-20181021/dq/query.h:18:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char servers[QUERY_MAXLEVEL][256];
data/dq-20181021/dq/query.h:19:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keys[QUERY_MAXLEVEL][528];
data/dq-20181021/dq/query.h:22:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *alias[QUERY_MAXALIAS];
data/dq-20181021/dq/query.h:24:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char localip[32];
data/dq-20181021/dq/query.h:25:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char type[2];
data/dq-20181021/dq/query.h:26:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char class[2];
data/dq-20181021/dq/randommod.c:11:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char r[32];
data/dq-20181021/dq/response.c:7:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char response[65535];
data/dq-20181021/dq/response.c:12:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char name[NAMES][255];
data/dq-20181021/dq/response.c:29:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/dq-20181021/dq/response.c:54:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int response_query(const unsigned char *q, const unsigned char qtype[2], const unsigned char qclass[2]) {
data/dq-20181021/dq/response.c:54:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int response_query(const unsigned char *q, const unsigned char qtype[2], const unsigned char qclass[2]) {
data/dq-20181021/dq/response.c:54:89: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int response_query(const unsigned char *q, const unsigned char qtype[2], const unsigned char qclass[2]) {
data/dq-20181021/dq/response.c:74:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int response_rstart(const unsigned char *d, const unsigned char type[2], crypto_uint32 ttl) {
data/dq-20181021/dq/response.c:74:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int response_rstart(const unsigned char *d, const unsigned char type[2], crypto_uint32 ttl) {
data/dq-20181021/dq/response.c:76:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ttlstr[4];
data/dq-20181021/dq/response.c:109:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void response_id(const unsigned char id[2]) {
data/dq-20181021/dq/roots.c:46:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int roots(unsigned char servers[256], unsigned char keys[528], int *flaghavekeys, unsigned char *q) {
data/dq-20181021/dq/roots.c:46:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int roots(unsigned char servers[256], unsigned char keys[528], int *flaghavekeys, unsigned char *q) {
data/dq-20181021/dq/roots.c:68:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char servers[256];
data/dq-20181021/dq/roots.c:69:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keys[528];
data/dq-20181021/dq/strtomultiip.c:16:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[STRTOMULTIIP_BUFSIZE];
data/dq-20181021/dq/warn.c:17:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *s[9];
data/dq-20181021/dq/warn.c:19:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/dq-20181021/sysdep/hasasmvolatilememory.h-yes.c:12:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[7] = "abcdef";
data/dq-20181021/sysdep/hasipv6.h-yes.c:22:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sa.sin6_addr, "\0\0\0\0\0\0\0\0\0\0\377\377\177\0\0\1", 16);
data/dq-20181021/sysdep/hasipv6.h-yes.c:23:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sa.sin6_port, "\1\1", 2);
data/dq-20181021/crypto-tests/randombytestest.c:27:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, x, xlen);
data/dq-20181021/crypto/randombytes.c:32:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
i = read(fd,x,i);
data/dq-20181021/dq/dns_transmit.c:564:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd,&ch,1);
data/dq-20181021/dq/dns_transmit.c:577:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd,&ch,1);
data/dq-20181021/dq/dns_transmit.c:595:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd,d->packet + d->pos,d->packetlen - d->pos);
data/dq-20181021/dq/dqcache.c:254:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(x->tcp, &ch, 1);
data/dq-20181021/dq/dqcache.c:263:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(x->tcp, &ch, 1);
data/dq-20181021/dq/dqcache.c:277:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(x->tcp, x->buf + x->pos, x->len - x->pos);
data/dq-20181021/dq/openreadclose.c:28:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, sa->s + sa->len, bufsize);
data/dq-20181021/dq/xsocket_conn.c:68:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(s, &ch, 1) == -1) {}; /* sets errno */
ANALYSIS SUMMARY:
Hits = 333
Lines analyzed = 11645 in approximately 0.39 seconds (30105 lines/second)
Physical Source Lines of Code (SLOC) = 9151
Hits@level = [0] 34 [1] 10 [2] 319 [3] 1 [4] 1 [5] 2
Hits@level+ = [0+] 367 [1+] 333 [2+] 323 [3+] 4 [4+] 3 [5+] 2
Hits/KSLOC@level+ = [0+] 40.1049 [1+] 36.3895 [2+] 35.2967 [3+] 0.437111 [4+] 0.327833 [5+] 0.218555
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.